How to fix IP Forwarding issue in K8s env


王韵

Mar 13, 2022, 10:26:23 PM
to kubernetes-security-discuss
Dear team,
Our system detects the CentOS vulnerability as: IP Forwarding Enabled. For details, please refer to: https://www.tenable.com/plugins/nessus/50686
The official suggestion is: echo 0 > /proc/sys/net/ipv4/ip_forward. But our k8s service has ip_forward enabled.



Our environmental information is:
centos 7
k8s version: 1.15.11


Can you guys give me some advice for this situation?


Thanks & Regards

樊尚享

Mar 13, 2022, 10:32:20 PM
to 王韵, kubernetes-security-discuss
Hi Yun,

It is one of the prerequisites for setting up a Kubernetes cluster. The container networking may not work if the system disables the IP forwarding feature.

FYI

Best regards,

Fan shang xiang

'王韵' via kubernetes-security-discuss <kubernetes-se...@googlegroups.com> wrote on Mon, Mar 14, 2022 at 10:26:

王韵

Mar 13, 2022, 10:39:27 PM
to 樊尚享, kubernetes-security-discuss
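Hi Fan shang xiang,

Thank you very much for your reply.

We build self-managed k8s clusters for our customers. When a customer ran a security scan, it found the "IP Forwarding Enabled" vulnerability. The official site recommends: echo 0 > /proc/sys/net/ipv4/ip_forward. But this conflicts with our k8s cluster.

So in this situation, how should we handle it for our k8s cluster?

Thanks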


------------------ Original Message ------------------
From: "樊尚享" <fansha...@gmail.com>;
Sent: Monday, March 14, 2022, 10:32 AM
To: "王韵"<3148...@qq.com>;
Cc: "kubernetes-security-discuss"<kubernetes-se...@googlegroups.com>;
Subject: Re: How to fix IP Forwarding issue in K8s env

樊尚享

Mar 14, 2022, 2:57:24 AM
to 王韵, kubernetes-security-discuss
Hi,

For security guidelines for a Kubernetes cluster, please refer to the CIS Kubernetes Benchmarks (cisecurity.org) instead.

FYI

Fan Shang Xiang

王韵 <3148...@qq.com> wrote on Mon, Mar 14, 2022 at 10:39: