C-0042 - SSH server running inside container

Framework

AllControls, MITRE

Severity

Low

Description of the the issue

SSH server that is running inside a container may be used by attackers. If attackers gain valid credentials to a container, whether by brute force attempts or by other methods (such as phishing), they can use it to get remote access to the container by SSH.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, Service, StatefulSet

What does this control test

Check if service connected to some workload has an SSH port (22/2222). If so we raise an alert.

Remediation

Remove SSH from the container image or limit the access to the SSH server using network policies.

Example

No example