admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-14 06:33:24 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2e9901bf9ec94de03e5ed7490847aac0ccbc598
nuclei-templates/cloud/aws/eks/eks-long-running-pods.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

64 lines
2.1 KiB
YAML
Raw Blame History

id: eks-long-running-pods
info:
name: EKS Long Running Pods
author: princechaddha
severity: medium
description: |
Ensure that Amazon Elastic Kubernetes Service (EKS) clusters do not have pods running for more than 30 days. Long-running pods may indicate stale deployments, potential security risks, or resource inefficiencies.
impact: |
Long-running pods can lead to security vulnerabilities, outdated software versions, and inefficient resource utilization. They may also indicate a lack of proper deployment practices and maintenance.
remediation: |
Review and update long-running pods. Consider implementing proper deployment strategies, regular updates, and automated pod rotation policies.
reference:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/
- https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html
tags: cloud,devops,aws,amazon,eks,aws-cloud-config
variables:
region: "us-east-1"
days: "30"
flow: |
code(1)
for(let cluster of iterate(template.clusters)){
set("cluster", cluster)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws eks list-clusters --region $region --query 'clusters' --output json
extractors:
- type: json
name: clusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws eks update-kubeconfig --name $cluster --region $region
kubectl get pods --all-namespaces --field-selector=status.phase=Running --output=json | \
jq -r --argjson days "$days" '.items[] |
select((now - (.metadata.creationTimestamp | fromdate)) > ($days * 24 * 3600)) |
.metadata.namespace + "/" + .metadata.name'
matchers:
- type: word
words:
- "/"
extractors:
- type: dsl
dsl:
- '"EKS cluster " + cluster + " has pods running for more than " + days + " days"'
# digest: 4a0a00473045022078e484dde6ab14a2c60f99ac9498ceac9733bddc7c21db406a696cf49974d53d022100b8fde680e4403da4247605f652a492812f19e6559cfd949652e11e22dadbf28e:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink