C 0062
AllControls, ArmoBest
Severity
Medium
Description of the the issue
Adding sudo to a container entry point command may escalate process privileges and allow access to forbidden resources. This control checks all the entry point commands in all containers in the pod to find those that have sudo command.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
Check that there is no 'sudo' in the container entrypoint
Remediation
Remove sudo from the command line and use Kubernetes native root and capabilities controls to provide necessary privileges where they are required.