gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-26 12:51:33 -08:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to using mdbook

Browse Source
This commit is contained in:
Congon4tor
2024-12-31 17:04:35 +01:00
parent b9a9fed802
commit cd27cf5a2e
1373 changed files with 26143 additions and 34152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/pentesting-cloud/openshift-pentesting/openshift-basic-information.md Normal file
View File

@@ -0,0 +1,40 @@
# OpenShift - Basic information
## Kubernetes prior b**asic knowledge** <a href="#a94e" id="a94e"></a>
Before working with OpenShift, ensure you are comfortable with the Kubernetes environment. The entire OpenShift chapter assumes you have prior knowledge of Kubernetes.
## OpenShift - Basic Information
### Introduction
OpenShift is Red Hats container application platform that offers a superset of Kubernetes features. OpenShift has stricter security policies. For instance, it is forbidden to run a container as root. It also offers a secure-by-default option to enhance security. OpenShift, features an web console which includes a one-touch login page.
#### CLI
OpenShift come with a it's own CLI, that can be found here:
{{#ref}}
https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html
{{#endref}}
To login using the CLI:
```bash
oc login -u=<username> -p=<password> -s=<server>
oc login -s=<server> --token=<bearer token>
```
### **OpenShift - Security Context Constraints** <a href="#a94e" id="a94e"></a>
In addition to the [RBAC resources](https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#architecture-additional-concepts-authorization) that control what a user can do, OpenShift Container Platform provides _security context constraints_ (SCC) that control the actions that a pod can perform and what it has the ability to access.
SCC is a policy object that has special rules that correspond with the infrastructure itself, unlike RBAC that has rules that correspond with the Platform. It helps us define what Linux access-control features the container should be able to request/run. Example: Linux Capabilities, SECCOMP profiles, Mount localhost dirs, etc.
{{#ref}}
openshift-scc.md
{{#endref}}
{{#ref}}
https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#security-context-constraints
{{#endref}}