last sync: 2022-May-24 16:30:29 UTC

Azure Policy definition

Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities

Name Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities
Azure Portal
Id d2e7ea85-6b44-4317-a0be-1b951587f626
Version 3.3.0
details on versioning
Category Kubernetes
Microsoft docs
Description To reduce the attack surface of your containers, restrict CAP_SYS_ADMIN Linux capabilities. For more information, see
Mode Microsoft.Kubernetes.Data
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (audit, Audit, deny, Deny, disabled, Disabled)
Used RBAC Role none
Rule Aliases
Rule ResourceTypes IF (1)
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-29 18:06:01 change Minor (3.2.0 > 3.3.0)
2022-04-01 20:29:14 change Minor (3.1.0 > 3.2.0)
2022-02-18 17:44:00 change Minor (3.0.2 > 3.1.0)
2021-12-06 22:17:57 change Patch (3.0.1 > 3.0.2) *changes on text case sensitivity are not tracked
2021-10-04 15:27:15 change Version remains equal, old suffix: preview (3.0.1-preview > 3.0.1)
2021-09-08 15:39:57 change Patch, suffix remains equal (3.0.0-preview > 3.0.1-preview)
2021-08-30 14:27:30 change Major, suffix remains equal (2.1.0-preview > 3.0.0-preview)
2021-06-02 22:44:52 change Minor, suffix remains equal (2.0.0-preview > 2.1.0-preview)
2021-03-02 15:11:40 change Major, suffix remains equal (1.0.0-preview > 2.0.0-preview)
2021-02-17 14:28:42 add d2e7ea85-6b44-4317-a0be-1b951587f626
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn
JSON Changes