Aqua Security has been actively participating in the open source community around Kubernetes security, including contributing significantly to the kube-bench project. We have followed that up with the release of the kube-hunter project, named for its ability to hunt for security weaknesses in Kubernetes clusters. Kube-hunter enables Kubernetes administrators, operators and security teams to identify weaknesses in their deployments and address those issues before attackers can exploit them.
Kube-hunter augments the CIS validation for K8s deployments provided by kube-bench with discovery and penetration testing capabilities. In that respect it works much like an automated penetration testing tool — you give it the IP or DNS name of your Kubernetes cluster, and it will probe for security issues and alert you, for example, if your dashboard is open or your kubelets are accessible. Use kube-hunter to find Kubernetes installations in your environments, assess them for potential security risks, and receive suggestions on remediation for a wide range of vulnerabilities.
Laisser un commentaire
Participez-vous à la discussion?N'hésitez pas à contribuer!