Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md #1044

Merged
merged 1 commit into from
Jul 4, 2023
Merged

Update README.md #1044

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -263,16 +263,16 @@ kubearmorpolicy.security.kubearmor.com/mysql-mysql-5-6-write-under-dev-dir creat

**Now we are successfully applied all the hardening policies.**

## 5G Policies
## FiGHT Policies

To get hardening policies for 5G workloads use `karmor recommend` with the tag filter
To get hardening policies for FiGHT workloads use `karmor recommend` with the tag filter

```bash
$ karmor recommend -n default -t 5G
$ karmor recommend -n default -t FIGHT
```

```console
karmor recommend -t 5G -n default (summary|✚3)
karmor recommend -t FIGHT -n default (summary|✚3)
INFO[0000] Found outdated version of policy-templates Current Version=v0.2.3
INFO[0000] Downloading latest version [v0.2.4]
INFO[0002] policy-templates updated Updated Version=v0.2.4
Expand Down Expand Up @@ -303,30 +303,30 @@ output report in out/report.txt ...
+------------------------------------+--------------------------------+----------+--------+-----------------------------------+
| knoxuser-5g-sample-latest-trusted- | Restrict access to trusted | 1 | Block | MITRE |
| cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | FGT1555 5G |
| | image | | | FGT1555 FIGHT |
+------------------------------------+--------------------------------+----------+--------+-----------------------------------+
| knoxuser-5g-sample-latest-5g- | Adversaries may search for | 1 | Block | MITRE |
| tactic-credentials-from-password- | common password storage | | | MITRE_T1552_unsecured_credentials |
| stores.yaml | locations to obtain user | | | FGT1555 5G |
| stores.yaml | locations to obtain user | | | FGT1555 FIGHT |
| | credentials. | | | |
+------------------------------------+--------------------------------+----------+--------+-----------------------------------+
| knoxuser-5g-sample-latest-impair- | Adversaries may maliciously | 6 | Audit | MITRE |
| defense.yaml | modify components of a victim | | | FGT1562 |
| | environment in order to | | | 5G |
| | environment in order to | | | FIGHT |
| | hinder or disable defensive | | | |
| | mechanisms. | | | |
+------------------------------------+--------------------------------+----------+--------+-----------------------------------+
| knoxuser-5g-sample-latest-network- | Adversaries may attempt to | 5 | Audit | MITRE |
| service-scanning.yaml | get a listing of services | | | FGT1046 |
| | running on remote hosts, | | | 5G |
| | running on remote hosts, | | | FIGHT |
| | including those that may be | | | |
| | vulnerable to remote software | | | |
| | exploitation. | | | |
+------------------------------------+--------------------------------+----------+--------+-----------------------------------+
| knoxuser-5g-sample-latest-remote- | Adversaries may use Valid | 3 | Audit | MITRE |
| services.yaml | Accounts to log into a service | | | 5G |
| services.yaml | Accounts to log into a service | | | FIGHT |
| | specifically designed to | | | FGT1021 |
| | accept remote connections, | | | |
| | such as telnet, SSH, and VNC. | | | |
+------------------------------------+--------------------------------+----------+--------+-----------------------------------+
```
```