From 1dc93646b8c198ab2596bf3893bd4157ebd110be Mon Sep 17 00:00:00 2001
From: YiscahLevySilas1
Date: Mon, 2 Oct 2023 00:08:20 +0300
Subject: [PATCH] add delete / review paths

Signed-off-by: YiscahLevySilas1
---
 rules/host-pid-ipc-privileges/raw.rego | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rules/host-pid-ipc-privileges/raw.rego b/rules/host-pid-ipc-privileges/raw.rego
index 7f300be15..c8c4e2c88 100644
--- a/rules/host-pid-ipc-privileges/raw.rego
+++ b/rules/host-pid-ipc-privileges/raw.rego
@@ -11,6 +11,7 @@ deny[msga] {
 "alertMessage": sprintf("Pod: %v has hostPID enabled", [pod.metadata.name]),
 "packagename": "armo_builtins",
 "alertScore": 7,
+ "deletePaths": [path],
 "failedPaths": [path],
 "fixPaths": [],
 "alertObject": {
@@ -29,6 +30,7 @@ deny[msga] {
 "alertMessage": sprintf("Pod: %v has hostIPC enabled", [pod.metadata.name]),
 "packagename": "armo_builtins",
 "alertScore": 7,
+ "deletePaths": [path],
 "failedPaths": [path],
 "fixPaths": [],
 "alertObject": {
@@ -47,6 +49,7 @@ deny[msga] {
 msga := {
 "alertMessage": sprintf("%v: %v has a pod with hostPID enabled", [wl.kind, wl.metadata.name]),
 "alertScore": 9,
+ "deletePaths": [path],
 "failedPaths": [path],
 "fixPaths": [],
 "packagename": "armo_builtins",
@@ -66,6 +69,7 @@ deny[msga] {
 msga := {
 "alertMessage": sprintf("%v: %v has a pod with hostIPC enabled", [wl.kind, wl.metadata.name]),
 "alertScore": 9,
+ "deletePaths": [path],
 "failedPaths": [path],
 "fixPaths": [],
 "packagename": "armo_builtins",
@@ -84,6 +88,7 @@ deny[msga] {
 msga := {
 "alertMessage": sprintf("CronJob: %v has a pod with hostPID enabled", [wl.metadata.name]),
 "alertScore": 9,
+ "deletePaths": [path],
 "failedPaths": [path],
 "fixPaths": [],
 "packagename": "armo_builtins",
@@ -103,6 +108,7 @@ deny[msga] {
 msga := {
 "alertMessage": sprintf("CronJob: %v has a pod with hostIPC enabled", [wl.metadata.name]),
 "alertScore": 9,
+ "deletePaths": [path],
 "failedPaths": [path],
 "fixPaths": [],
 "packagename": "armo_builtins",
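Review bot: The added `"deletePaths": [path]` entry reuses the `path` already reported in `failedPaths`, and in all six hunks (-11, -29, -47, -66, -84, -103) that `path` is bound outside the visible lines, so it cannot be confirmed here that it names exactly the `hostPID` / `hostIPC` field rather than a parent object. If remediation tooling acts on a delete path, as the key name suggests, a path that is too broad would remove more of the spec than intended, so each rule should be checked for that. A short comment above each `msga` would record the intent, for example `# deletePaths: removing the field falls back to the Kubernetes default (false)`. The subject line mentions review paths, but no `reviewPaths` key is added in this file. The diffstat lists only raw.rego, so any expected-output fixtures for this rule presumably still lack the new key.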