From f9d32975ec7bcfdd04fef63b6d902ad3262fd837 Mon Sep 17 00:00:00 2001
From: lichtblaugue
Date: Wed, 23 Oct 2024 10:40:41 +0200
Subject: [PATCH] As suggested all scc rules added
---
 controls/bsi_sys_1_6.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/controls/bsi_sys_1_6.yml b/controls/bsi_sys_1_6.yml
index 27de43eb2bd..935a1b54e78 100644
--- a/controls/bsi_sys_1_6.yml
+++ b/controls/bsi_sys_1_6.yml
@@ -448,9 +448,17 @@ controls:
 status: automated
 rules:
 # Section 2:
- - scc_limit_host_dir_volume_plugin
+ - scc_drop_container_capabilities
 - scc_limit_container_allowed_capabilities
+ - scc_limit_host_dir_volume_plugin
+ - scc_limit_host_ports
+ - scc_limit_ipc_namespace
+ - scc_limit_net_raw_capability
+ - scc_limit_network_namespace
 - scc_limit_privilege_escalation
+ - scc_limit_privileged_containers
+ - scc_limit_process_id_namespace
+ - scc_limit_root_containers
 - id: SYS.1.6.A17
 title: Running Containers Without Privileges
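Review bot: The `# Section 2:` comment is now the only explanation for an eleven-entry rule list, and it does not say which isolation property the SCC rules are meant to evidence. Going by the rule names, a line such as `# Section 2: SCCs must not grant host namespaces, host ports, hostPath volumes, extra capabilities, privileged or root execution` above the list would make the mapping auditable. `scc_limit_privileged_containers` and `scc_limit_root_containers` also look like natural evidence for SYS.1.6.A17 (Running Containers Without Privileges), which begins at the end of this hunk; its rule list is not visible here, so check that both controls reference them consistently. The hunk keeps `status: automated`, which is accurate only if each of the nine added rules has an automated check; if any of them is manual-only, `partial` would be the honest status. The enclosing control's `id` line lies above the hunk.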