https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17732#M772 I don't have an answer at this point, I start with CIS baselines as rule of thumb to cover hardening aspects. Tue, 08 Jan 2019 20:35:35 GMT Kempy 2019-01-08T20:35:35Z https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/16866#M692 <P>How are folk&nbsp;auditing and securing kubernetes clusters and containers in general??</P><P>&nbsp;</P><P>I have struggled to get kube-bench to run in fully containerized control planes such as rancher and openshift.</P> Wed, 05 Dec 2018 15:24:17 GMT https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/16866#M692 Kempy 2018-12-05T15:24:17Z https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/16911#M695 Wow that's a lot of people not using docker and kubernetes or using them out of the box with defaults. Fri, 07 Dec 2018 15:00:28 GMT https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/16911#M695 Kempy 2018-12-07T15:00:28Z https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17708#M769 <P>As with the growth of the use of docker/containers this sounds to me as an interesting topic.&nbsp;</P><P>&nbsp;</P><P>Can we come up with an suggested audit procedure?</P> Tue, 08 Jan 2019 08:43:43 GMT https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17708#M769 leersums 2019-01-08T08:43:43Z https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17732#M772 I don't have an answer at this point, I start with CIS baselines as rule of thumb to cover hardening aspects. Tue, 08 Jan 2019 20:35:35 GMT https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17732#M772 Kempy 2019-01-08T20:35:35Z https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17885#M800 <P>Hunting around:&nbsp;</P><P>&nbsp;</P><P><A href="https://kubernetes.io/docs/tasks/debug-application-cluster/audit/" target="_blank">https://kubernetes.io/docs/tasks/debug-application-cluster/audit/</A></P><P>&nbsp;</P><P><A href="https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/" target="_blank">https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/</A></P><P>&nbsp;</P><P><A href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/" target="_blank">https://kubernetes.io/docs/concepts/policy/pod-security-policy/</A></P><P>&nbsp;</P><P>I agree, understand the technology, the Pod Security; Container security and then Kubernetes.</P><P>&nbsp;</P><P>This looks like fun.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P><P>&nbsp;</P> Sun, 13 Jan 2019 19:12:30 GMT https://community.isc2.org/t5/Tech-Talk/Kube-Cluster-and-Container-security/m-p/17885#M800 Caute_cautim 2019-01-13T19:12:30Z