auditing-kubernetes-cluster-rbac

Featured

Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

Stars (weight 20%): 100
Recency (weight 20%): 100
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 50
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# Auditing Kubernetes Cluster RBAC

## When to Use

- When performing security assessments of Kubernetes clusters (EKS, GKE, AKS, or self-managed)
- When validating that RBAC policies enforce least privilege for users and service accounts
- When investigating potential lateral movement or privilege escalation within a Kubernetes cluster
- When compliance audits require documentation of access controls and permissions
- When onboarding new teams to a shared cluster and defining appropriate RBAC policies

**Do not use** for network policy auditing (use Cilium or Calico network policy tools), for container image scanning (use Trivy or Grype), or for runtime security monitoring (use Falco or Sysdig Secure).

## Prerequisites

- kubectl configured with cluster-admin or equivalent read permissions to the target cluster
- rbac-tool installed (`kubectl krew install rbac-tool` or binary from GitHub)
- KubiScan installed (`pip install kubiscan`)
- Kubeaudit installed (`brew install kubeaudit` or from GitHub releases)
- Access to the cluster's audit logs for correlating RBAC findings with actual API access

## Workflow

### Step 1: Enumerate ClusterRoles and Roles with Dangerous Permissions

Identify roles with wildcard permissions, secret access, pod exec, or escalation capabilities.

```bash
# List all ClusterRoles with wildcard verb access
kubectl get clusterroles -o json | python3 -c "
import json, sys
data = json.load(sys.stdin)
for role in data['items']:
    name = role['metadata'...
```
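The Step 1 snippet above is cut off in the preview. As an added example (not the skill's own script), here is a complete Python version of that check, generalized to the other patterns Step 1 names: it reads the `items` list that `kubectl get clusterroles -o json` or `kubectl get roles -A -o json` emits and flags wildcard verbs or resources, a cluster-admin-equivalent rule, secret reads, `pods/exec`-style subresources, and the `escalate`/`bind`/`impersonate` verbs, skipping built-in `system:` roles by default. The sample role list, the role names in it, and the finding labels are constructed for illustration.

```python
"""Flag ClusterRoles and Roles whose rules grant high-impact permissions.

Constructed example (not the skill's own script). Input is the JSON that
`kubectl get clusterroles -o json` or `kubectl get roles -A -o json` emits:
a List object whose `items` are role objects with `metadata` and `rules`.
"""
import json
import sys
from typing import Dict, List, Set

# Subresources and verbs that hand out control over workloads or identities.
EXEC_SUBRESOURCES = {"pods/exec", "pods/attach", "pods/portforward"}
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
SECRET_READ_VERBS = {"get", "list", "watch"}


def _matches(values: List[str], wanted: Set[str]) -> bool:
    """True if the rule field is a wildcard or names any of the wanted entries."""
    return "*" in values or bool(wanted & set(values))


def classify_rule(rule: dict) -> List[str]:
    """Return the label of every dangerous pattern one RBAC rule matches."""
    verbs = rule.get("verbs", [])
    resources = rule.get("resources", [])
    groups = rule.get("apiGroups", [])
    findings = []
    if "*" in verbs:
        findings.append("wildcard-verbs")
    if "*" in resources:
        findings.append("wildcard-resources")
    if "*" in groups and "*" in resources and "*" in verbs:
        findings.append("cluster-admin-equivalent")
    if _matches(resources, {"secrets"}) and _matches(verbs, SECRET_READ_VERBS):
        findings.append("secret-read")
    if _matches(resources, EXEC_SUBRESOURCES) and _matches(verbs, {"create"}):
        findings.append("pod-exec")
    if _matches(verbs, ESCALATION_VERBS):
        findings.append("escalation-verb")
    return findings


def audit_roles(role_list: dict, include_system: bool = False) -> Dict[str, List[str]]:
    """Map each role to the sorted, deduplicated patterns its rules match.

    Roles with no findings are omitted so the result is only the review queue.
    Built-in `system:` roles are skipped unless include_system is set, since
    they are owned by the control plane rather than by cluster users.
    """
    report: Dict[str, List[str]] = {}
    for role in role_list.get("items", []):
        meta = role["metadata"]
        name = meta["name"]
        if name.startswith("system:") and not include_system:
            continue
        kind = role.get("kind", "Role" if "namespace" in meta else "ClusterRole")
        key = f"{kind}/{meta['namespace']}/{name}" if "namespace" in meta else f"{kind}/{name}"
        labels: Set[str] = set()
        # `rules` can be null on an aggregated ClusterRole before the controller fills it in.
        for rule in role.get("rules") or []:
            labels.update(classify_rule(rule))
        if labels:
            report[key] = sorted(labels)
    return report


# Constructed sample in the shape kubectl emits; role names are illustrative.
SAMPLE_ROLE_LIST = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
                   {"nonResourceURLs": ["*"], "verbs": ["*"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
         "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
                   {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
        {"kind": "Role", "metadata": {"name": "ns-admin", "namespace": "team-a"},
         "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
                    "resources": ["rolebindings"], "verbs": ["create", "bind"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "view-only"},
         "rules": [{"apiGroups": [""], "resources": ["pods", "configmaps"],
                    "verbs": ["get", "list", "watch"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "system:node"},
         "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
    ],
}

if __name__ == "__main__":
    # Pass "-" to audit a real role list piped in from kubectl, otherwise audit the sample.
    source = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_ROLE_LIST
    for key, labels in audit_roles(source).items():
        print(f"{key}: {', '.join(labels)}")
```

Run it as `kubectl get clusterroles -o json | python3 rbac_audit.py -` (and again with `kubectl get roles -A -o json`). Two caveats a reviewer should keep in mind: the check does not model apiGroup scoping, so a rule naming `secrets` under a non-core group is still flagged (a deliberate over-report), and it only classifies what a role grants, not who holds it; the ClusterRoleBindings and RoleBindings that attach these roles to users and service accounts are the next thing to enumerate.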

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

implementing-rbac-hardening-for-kubernetes (AI & Automation, Featured)

Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings, eliminating cluster-admin sprawl, and integrating external identity providers.

mukul975, 12,642 stars, updated today

kubernetes-rbac-analyzer (AI & Automation, Solid)

Analyze kubernetes rbac analyzer operations. Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer Part of the Security Advanced skill category. Use when analyzing or auditing kubernetes rbac analyzer. Trigger with phrases like "kubernetes rbac analyzer", "kubernetes analyzer", "analyze kubernetes rbac r".

jeremylongshore, 2,266 stars, updated today

rbac-design (AI & Automation, Solid)

Design minimal-privilege RBAC for workloads, operators, and human access in multi-tenant clusters.

sawrus, 14 stars, updated 3 days ago

k8s-security (DevOps & Infrastructure, Listed)

Kubernetes security review: RBAC discipline, Pod Security Standards (baseline/restricted), NetworkPolicy default-deny, admission controllers (Kyverno/Gatekeeper/VAP), External Secrets Operator, and runtime monitoring via Falco and audit logs.

roodlicht, 4 stars, updated 1 week ago

kube-audit-kit (DevOps & Infrastructure, Listed)

Performs read-only Kubernetes security audits by exporting resources, sanitizing metadata, grouping applications by topology, and generating PSS/NSA-compliant audit reports. Use when the user requests auditing Kubernetes clusters, Namespaces, security reviews, or configuration analysis.

ViniciusMarsili, 1 star, updated today