> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Terminal shell in container

### Event Information

#### Meaning

* The Terminal shell in container event in a Kubernetes cluster refers to a situation where a shell is opened within a container running in the cluster.
* This event can indicate potential security risks, as it may suggest unauthorized access or an attacker gaining control over the container.
* To investigate this event, you can use the `kubectl exec` command to access the container and inspect the shell activity. For example, `kubectl exec -it <pod-name> -- /bin/bash` allows you to open a shell within the container and analyze any suspicious activities.

#### Remediation

To remediate the event "Terminal shell in container" using the Python Kubernetes API, you can follow these steps:

1. Identify the affected container:
   * Use the Kubernetes API to list all the pods in the cluster: `kubectl get pods -o wide`
   * Identify the pod that triggered the event and note down its name.

2. Modify the pod's security context
   * Ensuring the pod does not run as a privileged user.
   * Disabling privilege escalation.
   * Export the current configuration of the affected pod:
   ```bash theme={null}
     kubectl get pod <pod-name> -o yaml > pod.yaml
   ```
   * Edit the pod.yaml file to update the securityContext section:
   ```yaml theme={null}
   spec:
   securityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
         drop:
         - ALL
   ```

3. Apply the Updated Configuration:
   ```bash theme={null}
      kubectl apply -f pod.yaml
   ```

4. Restrict Terminal Access in Pod Specification::
   * Ensure that terminal shell access is restricted by reviewing and modifying the command and args fields in the pod specification:
   * Remove any unnecessary shell commands or entrypoints from the container configuration.
   * Example configuration to prevent interactive shell access:
   ```yaml theme={null}
   spec:
   containers:
   - name: your-container
      command:
         - /your-app
      args:
         - --no-shell
   ```

5. Apply the changes to the pod:
   * Use the Python Kubernetes API to apply the modified manifest: `kubectl apply -f pod.yaml`
   * Verify that the changes have been applied successfully: `kubectl get pod <pod-name>`

Note: Make sure to test the modified pod thoroughly before applying it to production environments.
