last sync: 2022-Sep-23 16:35:49 UTC

Azure Policy definition

Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities

Name Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities
Id d2e7ea85-6b44-4317-a0be-1b951587f626
Version 5.0.0
Category Kubernetes
Description To reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux capabilities. For more information, see https://aka.ms/kubepolicydoc.
Mode Microsoft.Kubernetes.Data
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (audit, Audit, deny, Deny, disabled, Disabled)
Used RBAC Role none
Rule Aliases
Rule ResourceTypes IF (1)
Microsoft.ContainerService/managedClusters
History
Date/Time (UTC ymd) Change type Change detail
2022-09-19 17:41:40 change Major (4.0.0 > 5.0.0)
2022-07-08 16:32:07 change Major (3.3.1 > 4.0.0)
2022-06-17 16:31:08 change Patch (3.3.0 > 3.3.1) *changes on text case sensitivity are not tracked
2022-04-29 18:06:01 change Minor (3.2.0 > 3.3.0)
2022-04-01 20:29:14 change Minor (3.1.0 > 3.2.0)
2022-02-18 17:44:00 change Minor (3.0.2 > 3.1.0)
2021-12-06 22:17:57 change Patch (3.0.1 > 3.0.2) *changes on text case sensitivity are not tracked
2021-10-04 15:27:15 change Version remains equal, old suffix: preview (3.0.1-preview > 3.0.1)
2021-09-08 15:39:57 change Patch, suffix remains equal (3.0.0-preview > 3.0.1-preview)
2021-08-30 14:27:30 change Major, suffix remains equal (2.1.0-preview > 3.0.0-preview)
2021-06-02 22:44:52 change Minor, suffix remains equal (2.0.0-preview > 2.1.0-preview)
2021-03-02 15:11:40 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-02-17 14:28:42 add d2e7ea85-6b44-4317-a0be-1b951587f626
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
New Zealand ISM Restricted v3.5 93d2179e-3068-c82f-2428-d614ae836a04 Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn