Kubernetes CIS Benchmarks analysis

Scenario Information

This scenario is mainly to perform the Kubernetes CIS benchmarks analysis on top of Kubernetes nodes to identify the possible security vulnerabilities.

  • To get started with this scenario you can either access the node and perform by following kube-bench security or run the following command to deploy kube-bench as Kubernetes job
kubectl apply -f scenarios/kube-bench-security/node-job.yaml
kubectl apply -f scenarios/kube-bench-security/master-job.yaml

Scenario 6 Kube bench job

Scenario Solution

  • Now go ahead and get the jobs list and pods information by running the below commands
kubectl get jobs
kubectl logs -f kube-bench-node-xxxxx

Scenario 6 Kube bench output

  • Now based on the vulnerabilities you see from the Kubernetes CIS benchmarks, you can proceed with further exploitation