> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# System user interactive

### Event Information

#### Meaning

* The System user interactive event in a Kubernetes cluster refers to an event where a system user, such as root or an administrator, interacts with the cluster.
* This event could indicate potential security risks, as system users typically have elevated privileges and their actions should be closely monitored.
* To investigate this event, you can use the `kubectl get pods` command to list all the pods in the cluster and check for any suspicious activities or unauthorized access by system users.

#### Remediation

To remediate the event "System user interactive" using the Python Kubernetes API, you can follow these steps:

1. Identify the affected pod:
   * Use the `kubectl get pods` command to list all the pods in the cluster.
   * Look for the pod that triggered the "System user interactive" event.
   * Note down the name of the pod.

2. Modify the pod's security context to prevent interactive access and enforce best practices. This includes:
   * Ensuring the pod does not run as a privileged user.
   * Disabling privilege escalation.
   * Export the current configuration of the affected pod:
   ```bash theme={null}
     kubectl get pod <pod-name> -o yaml > pod.yaml
   ```
   * Edit the pod.yaml file to update the securityContext section:
   ```yaml theme={null}
   spec:
   securityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
         drop:
         - ALL
   ```

3. Apply the Updated Configuration:
   ```bash theme={null}
      kubectl apply -f pod.yaml
   ```

Note: Make sure to test the changes in a non-production environment before applying them to production.
