Phy K8s Security Audit
Kubernetes 清单安全审核员(CIS Kubernetes 基准)。扫描存储库中的所有 YAML/JSON 清单,以查找特权容器、hostNetwork/hostPID/hostIPC、危险的 hostPath 安装、缺少资源限制/探针、最新映像标签、RBAC 过度权限(集群管理绑定、通配符动词)、环境变量中的机密、缺少 NetworkPolicy、缺少 seccomp/AppArmor 配置文件。将调查结果映射到 CIS 基准控制和 PSS(Pod 安全标准)。 PyYAML 之外的零依赖关系。 ClawHub 上零竞争对手。
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install totalclaw:phy041~phy-k8s-security-auditcURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Aphy041~phy-k8s-security-audit/file -o phy-k8s-security-audit.mdGit 仓库获取源码
git clone https://github.com/openclaw/skills/commit/ebdc434b8cd55e6c340ccb2bb93ca637c657d04b## 概述(中文)
Kubernetes 清单安全审核员(CIS Kubernetes 基准)。扫描存储库中的所有 YAML/JSON 清单,以查找特权容器、hostNetwork/hostPID/hostIPC、危险的 hostPath 安装、缺少资源限制/探针、最新映像标签、RBAC 过度权限(集群管理绑定、通配符动词)、环境变量中的机密、缺少 NetworkPolicy、缺少 seccomp/AppArmor 配置文件。将调查结果映射到 CIS 基准控制和 PSS(Pod 安全标准)。 PyYAML 之外的零依赖关系。 ClawHub 上零竞争对手。
## 原文
# phy-k8s-security-audit
Static security auditor for **Kubernetes YAML manifests**. Scans every Deployment, StatefulSet, DaemonSet, Pod, Job, CronJob, Role, ClusterRole, RoleBinding, ClusterRoleBinding, ServiceAccount, and NetworkPolicy in your repository against the **CIS Kubernetes Benchmark v1.9** and **Pod Security Standards (PSS)**. No cluster access required — works entirely on local manifest files.
## Why Manifest Auditing Matters
- Tesla's Kubernetes cluster was cryptojacked because their dashboard had no auth and pods ran privileged
- Attackers with access to one container can escape to the node via `privileged: true` or `hostPath` mounts
- Over-permissive RBAC (`cluster-admin`) is the #1 post-exploit persistence technique
- `automountServiceAccountToken: true` (the default) leaks credentials into every pod
## Checks: Pod / Container Level
| Check | Severity | CIS / PSS |
|-------|----------|-----------|
| `privileged: true` | CRITICAL | CIS 5.2.1 / PSS Restricted |
| `allowPrivilegeEscalation: true` or missing (default true) | HIGH | CIS 5.2.5 / PSS Restricted |
| `runAsNonRoot` missing or false | HIGH | CIS 5.2.6 / PSS Baseline |
| `runAsUser: 0` (root) | HIGH | CIS 5.2.6 |
| `hostNetwork: true` | HIGH | CIS 5.2.4 / PSS Baseline |
| `hostPID: true` | HIGH | CIS 5.2.2 / PSS Baseline |
| `hostIPC: true` | HIGH | CIS 5.2.3 / PSS Baseline |
| `hostPath` volume mount | HIGH | CIS 5.2.11 |
| `capabilities.add` with dangerous caps (SYS_ADMIN, NET_ADMIN, ALL) | CRITICAL | CIS 5.2.8 |
| Missing `capabilities.drop: [ALL]` | MEDIUM | CIS 5.2.7 / PSS Restricted |
| Missing resource `requests` and `limits` | MEDIUM | CIS 5.2.13 |
| `image: *:latest` or no tag | MEDIUM | Best practice |
| `imagePullPolicy: Never` with mutable tag | MEDIUM | Best practice |
| Missing `readinessProbe` | LOW | Best practice |
| Missing `livenessProbe` | LOW | Best practice |
| Secrets in `env` values (plaintext) | HIGH | CIS 5.4.1 |
| Missing `seccompProfile` | MEDIUM | CIS 5.7.2 / PSS Restricted |
| Missing `securityContext` entirely | MEDIUM | CIS 5.7.1 |
| `readOnlyRootFilesystem: false` (or missing) | MEDIUM | PSS Restricted |
## Checks: RBAC Level
| Check | Severity | CIS |
|-------|----------|-----|
| ClusterRoleBinding to `cluster-admin` | CRITICAL | CIS 5.1.1 |
| Role/ClusterRole with `verbs: ["*"]` | HIGH | CIS 5.1.3 |
| Role/ClusterRole with `resources: ["*"]` | HIGH | CIS 5.1.3 |
| Role with `secrets` GET/LIST permission | HIGH | CIS 5.1.2 |
| ServiceAccount with `automountServiceAccountToken: true` in non-system namespace | MEDIUM | CIS 5.1.5 |
| Default service account used (no explicit serviceAccountName) | MEDIUM | CIS 5.1.5 |
## Checks: Network Level
| Check | Severity | CIS |
|-------|----------|-----|
| No NetworkPolicy in namespace (detected from file dir) | HIGH | CIS 5.3.2 |
| NetworkPolicy `podSelector: {}` (applies to all pods) without ingress rules | MEDIUM | Best practice |
| Service type `NodePort` without explicit justification comment | LOW | CIS 5.4.2 |
| Service type `LoadBalancer` exposing non-HTTP port | MEDIUM | CIS 5.4.2 |
## Pod Security Standards Classification
Each Pod/Deployment spec is classified against PSS:
| Profile | Description |
|---------|-------------|
| **Privileged** | No restrictions — flag all workloads at this level |
| **Baseline** | No privileged, no host namespaces, no hostPath — minimum for most apps |
| **Restricted** | All of Baseline + non-root, no privilege escalation, seccomp, drop ALL caps |
## Implementation
```python
#!/usr/bin/env python3
"""
phy-k8s-security-audit — CIS Kubernetes Benchmark manifest scanner
Usage: python3 audit_k8s.py [path] [--json] [--ci] [--min-severity HIGH]
Requires: pip install pyyaml (almost always already installed)
"""
import argparse
import json
import os
import re
import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import Any, Optional
try:
import yaml
HAS_YAML = True
except ImportError:
HAS_YAML = False
print("Warning: PyYAML not found. Install with: pip install pyyaml", file=sys.stderr)
sys.exit(1)
CRITICAL, HIGH, MEDIUM, LOW = "CRITICAL", "HIGH", "MEDIUM", "LOW"
SEV_ORDER = {CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3}
ICONS = {CRITICAL: "🔴", HIGH: "🟠", MEDIUM: "🟡", LOW: "⚪"}
# Capabilities that are effectively root
DANGEROUS_CAPS = {
"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
"ALL", "SYSLOG", "DAC_READ_SEARCH", "LINUX_IMMUTABLE",
"NET_BROADCAST", "IPC_LOCK", "WAKE_ALARM", "BLOCK_SUSPEND",
}
# RBAC verbs that indicate over-permission
SENSITIVE_RBAC_VERBS = {"*", "create", "delete", "deletecollection", "patch", "update"}
SECRET_VERBS = {"get", "list", "watch", "*"}
@dataclass
class Finding:
file: str
resource_kind: str
resource_name: str
check_id: str
severity: str
title: str
detail: str
remediation: str
cis_ref: Optional[str] = None
pss_profile: Optional[str] = None
def get_name(obj: dict) -> str:
return obj.get("metadata", {}).get("name", "<unnamed>")
def get_namespace(obj: dict) -> str:
return obj.get("metadata", {}).get("namespace", "default")
def check_container_security(
container: dict,
file: str,
kind: str,
resource_name: str,
is_init: bool = False,
) -> list[Finding]:
findings = []
sc = container.get("securityContext", {})
cname = container.get("name", "<unnamed>")
label = f"{resource_name}/{cname}" + (" (init)" if is_init else "")
def add(check_id, sev, title, detail, remediation, cis=None, pss=None):
findings.append(Finding(file, kind, label, check_id, sev, title, detail, remediation, cis, pss))
# Privileged container
if sc.get("privileged") is True:
add("C001", CRITICAL, "Privileged container",
f"securityContext.privileged: true — container has full host access",
"Remove privileged: true. Use specific capabilities instead.",
"CIS 5.2.1", "PSS Restricted")
# Privilege escalation
if sc.get("allowPrivilegeEscalation") is True:
add("C002", HIGH, "Privilege escalation allowed",
"allowPrivilegeEscalation: true — setuid binaries can gain root",
"Set allowPrivilegeEscalation: false in securityContext.",
"CIS 5.2.5", "PSS Restricted")
elif "allowPrivilegeEscalation" not in sc:
# Default is true — flag unless privileged is already flagged
if not sc.get("privileged"):
add("C002b", MEDIUM, "allowPrivilegeEscalation not explicitly set (defaults to true)",
"Default allows setuid escalation. Explicitly disable.",
"Add allowPrivilegeEscalation: false to securityContext.",
"CIS 5.2.5")
# Root user
if sc.get("runAsUser") == 0:
add("C003", HIGH, "Container runs as root (runAsUser: 0)",
"Explicitly running as UID 0 — root in container maps to root on host in many configs.",
"Use a non-root UID: runAsUser: 1000 or higher.",
"CIS 5.2.6")
elif not sc.get("runAsNonRoot") and "runAsUser" not in sc:
add("C004", MEDIUM, "runAsNonRoot not enforced",
"Neither runAsNonRoot: true nor a non-zero runAsUser is set.",
"Add runAsNonRoot: true to securityContext.",
"CIS 5.2.6", "PSS Baseline")
# Capabilities
caps = sc.get("capabilities", {})
added_caps = caps.get("add", [])
for cap in added_caps:
if cap.upper() in DANGEROUS_CAPS:
add("C005", CRITICAL, f"Dangerous capability added: {cap}",
f"capabilities.add: [{cap}] grants near-root privileges.",
f"Remove {ca