Minimize the admission of Windows HostProcess Containers

core_minimize_admission_windows_hostprocess_containers

Severity: high
Service: core
by Prowler

This check ensures that Kubernetes clusters are configured to minimize the admission of Windows containers with the hostProcess flag set to true, thus reducing the risk of privilege escalation and security breaches.

Risk

Allowing Windows containers with hostProcess can lead to increased security risks due to privileged access to Windows nodes.

Run this check with Prowler CLI

prowler kubernetes --checks core_minimize_admission_windows_hostprocess_containers

Recommendation

Restrict the use of Windows HostProcess containers unless they are essential for operation.

Remediation

Other

Carefully review the need for HostProcess containers in Windows environments and restrict their use.
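
One way to list the containers that need this review, as an added example that is not Prowler's own check code. It assumes input shaped like the output of `kubectl get pods -A -o json`; the function names and the sample pods are constructed for illustration.

```python
# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "win-agent"},
     "spec": {"securityContext": {"windowsOptions": {"hostProcess": True}},
              "initContainers": [{"name": "setup"}],
              "containers": [{"name": "agent"}]}},
    {"metadata": {"namespace": "monitoring", "name": "win-exporter"},
     "spec": {"containers": [{"name": "exporter", "securityContext": {
         "windowsOptions": {"hostProcess": True}}}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "nginx"}]}},
]}

CONTAINER_KEYS = ("initContainers", "containers", "ephemeralContainers")


def host_process(security_context):
    """Return the hostProcess value set in a securityContext, or None if unset."""
    return ((security_context or {}).get("windowsOptions") or {}).get("hostProcess")


def find_hostprocess_pods(pod_list):
    """Return (namespace, pod, container) for each container running as HostProcess."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        pod_level = host_process(spec.get("securityContext"))
        for key in CONTAINER_KEYS:
            for container in spec.get(key) or []:
                own = host_process(container.get("securityContext"))
                # A container-level value takes precedence over the pod-level one.
                effective = pod_level if own is None else own
                if effective is True:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), container.get("name")))
    return findings


if __name__ == "__main__":
    for namespace, pod, container in find_hostprocess_pods(SAMPLE):
        print(f"FAIL {namespace}/{pod} container={container} hostProcess=true")
```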

Resource Type

KubernetesPod
