Runbook
Kubernetes - Kernel Module Loaded in Pod
Overview
This incident type covers the detection of kernel modules being loaded within a Kubernetes pod. The alert is usually triggered when a kernel module is loaded within a pod, which could indicate an attack. The presence of a kernel module in a pod can allow attackers to gain privileges, escalate their access, and perform malicious activities. This alert is therefore critical for identifying such threats and taking the actions needed to prevent them.
Parameters
Debug
1. List all pods in the default namespace
2. Get the logs for a specific pod
3. List all containers running in a pod
4. Check if any kernel modules are loaded in the container
5. Check the container's security context
6. Check the pod's security policy
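For step 5, an added example (not part of the original runbook) that audits a pod object for settings that permit kernel module loading: privileged containers and added SYS_MODULE or ALL capabilities, with a hostPath mount of the host module tree reported as a supporting signal. The sample pod, the function names and the reason strings are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get pod <name> -o json` output.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "demo", "namespace": "default"},
 "spec": {
  "initContainers": [{"name": "setup", "securityContext":
      {"capabilities": {"add": ["CAP_SYS_MODULE", "NET_ADMIN"]}}}],
  "containers": [{"name": "app"},
                 {"name": "agent", "securityContext": {"privileged": true}}],
  "volumes": [{"name": "modules", "hostPath": {"path": "/lib/modules"}}]}}
""")

MODULE_CAPS = {"SYS_MODULE", "ALL"}   # capabilities that permit module loading
MODULE_DIRS = {"/lib/modules", "/usr/lib/modules"}

def added_caps(sc):
    """Capabilities added in a securityContext, upper-cased, without a CAP_ prefix."""
    caps = (sc.get("capabilities") or {}).get("add") or []
    return {c.upper()[4:] if c.upper().startswith("CAP_") else c.upper() for c in caps}

def audit_pod(pod):
    """Return (name, reason) pairs for settings that allow or support module loading."""
    spec, findings = pod.get("spec") or {}, []
    # Init and ephemeral containers share the node kernel too, so check all three lists.
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append((c["name"], "privileged"))
            for cap in sorted(added_caps(sc) & MODULE_CAPS):
                findings.append((c["name"], "cap:" + cap))
    # Supporting signal only: the host's module tree is mounted into the pod.
    for v in spec.get("volumes") or []:
        path = (v.get("hostPath") or {}).get("path", "")
        if path.rstrip("/") in MODULE_DIRS:
            findings.append((v["name"], "hostPath:" + path))
    return findings

if __name__ == "__main__":
    for name, reason in audit_pod(SAMPLE_POD):
        print(f"{name}: {reason}")
```

An empty result means the pod spec itself does not grant module loading, so the alert source and the node should be examined next.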
Repair