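---
# Container Security Configuration for Secure MCP
# This file defines the security policies for container execution: four
# security levels (low / medium / high / critical) and, per level, the runtime,
# seccomp profile, capability set, resource limits, network policy, user
# namespace mapping and MAC profile that apply.
#
# NOTE(review): `kind: ContainerSecurityPolicy` is not a Kubernetes built-in
# type; the schema is presumably validated by the MCP runtime's own loader.
# Every control below is only as strong as that loader's enforcement — confirm
# each field is actually consumed rather than silently ignored.

apiVersion: v1
kind: ContainerSecurityPolicy
metadata:
  name: secure-mcp-policy
  version: "1.0.0"
  description: "Enterprise-grade container security policy for MCP server"
  lastUpdated: "2024-12-19"

# Security Levels Configuration
# The `requirements` values are symbolic (optional/required/strict/...) and are
# resolved by the consumer; the concrete settings for each level live in the
# `securityLevelDefaults` blocks further down.
securityLevels:
  low:
    description: "Minimal security restrictions for development"
    requirements:
      seccomp: optional
      userNamespace: optional
      capabilities: basic
      networkIsolation: none
      resourceLimits: soft
      macProfiles: optional

  medium:
    description: "Balanced security for testing environments"
    requirements:
      seccomp: required
      userNamespace: required
      capabilities: restricted
      networkIsolation: basic
      resourceLimits: enforced
      macProfiles: recommended

  high:
    description: "High security for production environments"
    requirements:
      seccomp: strict
      userNamespace: enforced
      capabilities: minimal
      networkIsolation: strict
      resourceLimits: strict
      macProfiles: required

  critical:
    description: "Maximum security for sensitive workloads"
    requirements:
      seccomp: maximum
      userNamespace: enforced
      capabilities: none
      networkIsolation: isolated
      resourceLimits: maximum
      macProfiles: enforced

# Container Runtime Configuration
containerRuntime:
  # Allowed container runtimes in order of security preference.
  # kata and gvisor put a separate kernel (VM / user-space) between the workload
  # and the host; plain docker shares the host kernel, so at medium/low the
  # seccomp, capability and user-namespace settings below are the only barrier.
  allowedRuntimes:
    - name: "kata"
      securityLevel: "critical"
      description: "Hardware-virtualized containers"
      features:
        - hardware-isolation
        - kernel-isolation
        - memory-protection

    - name: "gvisor"
      securityLevel: "high"
      description: "User-space kernel for containers"
      features:
        - syscall-interception
        - sandbox-isolation
        - network-filtering

    - name: "docker"
      securityLevel: "medium"
      description: "Standard Docker runtime with security hardening"
      features:
        - namespace-isolation
        - cgroup-limits
        - seccomp-filtering

  # Default runtime selection based on security level
  defaultSelection:
    critical: "kata"
    high: "gvisor"
    medium: "docker"
    low: "docker"

# Image Security Policies
imagePolicy:
  # Allowed base images. Tags are mutable (a registry can re-push `alpine:3.19`
  # with different content), so `requireSignature` below is what actually ties an
  # approved name to known content. Prefer digest pins (`name@sha256:...`) where
  # the consumer supports them.
  allowedImages:
    - "alpine:3.19"
    - "alpine:3.18"
    - "ubuntu:22.04"
    - "ubuntu:20.04"
    - "python:3.11-slim"
    - "python:3.10-slim"
    - "node:20-alpine"
    - "node:18-alpine"
    - "golang:1.21-alpine"
    - "rust:1.75-alpine"
    - "openjdk:21-jre-slim"
    - "openjdk:17-jre-slim"

  # Trusted registries.
  # NOTE(review): "quay.io/" trusts every namespace on quay.io, not just vetted
  # organisations, whereas "docker.io/library" is scoped to official images.
  # Narrow it to the organisations actually used (e.g. "quay.io/<org>") before
  # relying on it at high/critical.
  trustedRegistries:
    - "docker.io/library"
    - "gcr.io/distroless"
    - "quay.io/"
    - "registry.access.redhat.com"

  # Image validation requirements
  validation:
    requireSignature: true
    requireScanResults: true
    maxCriticalVulnerabilities: 0
    maxHighVulnerabilities: 3
    maxMediumVulnerabilities: 10
    # Packages that must not be present in an approved image (living-off-the-land
    # tooling). curl/wget are prohibited by default; an image that needs outbound
    # HTTP at runtime must obtain an explicit, documented exception — the network
    # policy for its security level still applies.
    prohibitedPackages:
      - "netcat"
      - "nmap"
      - "curl"  # prohibited by default; explicit exception only
      - "wget"  # prohibited by default; explicit exception only
      - "ssh-client"
      - "telnet"

# Seccomp Security Profiles
seccompProfiles:
  # Critical security level - maximum restriction (allow-list).
  # Any syscall not listed terminates the workload. SCMP_ACT_KILL_PROCESS kills
  # the whole process; plain SCMP_ACT_KILL only kills the offending *thread*,
  # which leaves the rest of a multithreaded workload running after a violation.
  # Requires libseccomp >= 2.4 in the consuming runtime.
  critical:
    defaultAction: "SCMP_ACT_KILL_PROCESS"
    allowedSyscalls:
      # Minimum for a dynamically linked process to start, run and exit.
      # NOTE(review): validate this list against the real workload on every
      # supported architecture before enforcing it (e.g. aarch64 has no `open`
      # or `arch_prctl`, only `openat`); a missing startup syscall kills the
      # container before it does any work.
      essential:
        - "read"
        - "write"
        - "close"
        - "open"
        - "openat"
        - "fstat"
        - "newfstatat"
        - "lseek"
        - "mmap"
        - "munmap"
        - "mprotect"
        - "brk"
        - "futex"
        - "arch_prctl"
        - "set_tid_address"
        - "set_robust_list"
        - "getrandom"
        - "rt_sigaction"
        - "rt_sigprocmask"
        - "rt_sigreturn"
        # clone is allowed unconditionally here. The consumer should reject
        # namespace-creating flags (CLONE_NEWUSER and friends) with an argument
        # filter, otherwise an unprivileged user namespace is reachable even at
        # this level.
        - "clone"
        - "execve"
        - "exit"
        - "exit_group"
        - "wait4"
        - "kill"
        - "getpid"
        - "getuid"
        - "getgid"

    # With a kill default action this deny list is redundant (anything not in
    # the allow list is already fatal). It is kept to document intent and so
    # that a future relaxation of defaultAction does not silently re-enable
    # these.
    blockedSyscalls:
      dangerous:
        - "mount"
        - "umount"
        - "umount2"
        - "swapon"
        - "swapoff"
        - "pivot_root"
        - "chroot"
        - "ptrace"
        - "process_vm_readv"
        - "process_vm_writev"
        - "init_module"
        - "finit_module"
        - "delete_module"
        - "kexec_load"
        - "kexec_file_load"
        - "reboot"
        - "syslog"
        - "setuid"
        - "setgid"
        - "setfsuid"
        - "setfsgid"
        - "capget"
        - "capset"

  # High security level - strict restriction (allow-list).
  # Unlisted syscalls fail with an errno instead of killing the process, so the
  # workload can degrade gracefully; `syscall_violation` monitoring below is
  # what surfaces repeated attempts.
  # NOTE(review): no socket/connect/send/recv family syscalls are listed, so the
  # DNS and host allowances in `networkPolicy.high` cannot be exercised unless
  # the consumer merges them in — confirm which layer wins.
  high:
    defaultAction: "SCMP_ACT_ERRNO"
    allowedSyscalls:
      basic:
        - "read"
        - "write"
        - "readv"
        - "writev"
        - "open"
        - "openat"
        - "close"
        - "creat"
        - "access"
        - "faccessat"
        - "fstat"
        - "newfstatat"
        - "lseek"
        - "dup"
        - "dup2"
        - "dup3"
        - "pipe"
        - "pipe2"
        - "mmap"
        - "munmap"
        - "mprotect"
        - "brk"
        - "futex"
        - "arch_prctl"
        - "set_tid_address"
        - "set_robust_list"
        - "getrandom"
        - "clone"
        - "fork"
        - "vfork"
        - "execve"
        - "execveat"
        - "exit"
        - "exit_group"
        - "wait4"
        - "waitid"
        - "waitpid"
        - "kill"
        - "tgkill"
        - "tkill"
        - "getpid"
        - "getppid"
        - "gettid"
        - "getuid"
        - "geteuid"
        - "getgid"
        - "getegid"
        - "getgroups"
        - "rt_sigaction"
        - "rt_sigprocmask"
        - "rt_sigreturn"
        - "time"
        - "gettimeofday"
        - "clock_gettime"
        - "nanosleep"

# Capability Management
capabilities:
  # All 41 Linux capabilities categorized by risk level. Any capability absent
  # from this table has no tier and therefore no default disposition — keep it
  # complete when new capabilities are added to the kernel.
  risk_levels:
    # Direct host compromise, escape, or identity change.
    critical:
      - "CAP_SYS_ADMIN"  # System administration (mount, namespaces, ...)
      - "CAP_SYS_MODULE"  # Load/unload kernel modules
      - "CAP_SYS_RAWIO"  # Raw I/O operations
      - "CAP_SYS_PTRACE"  # Process tracing
      - "CAP_SYS_BOOT"  # System reboot
      - "CAP_DAC_OVERRIDE"  # Bypass file permissions
      - "CAP_DAC_READ_SEARCH"  # Bypass read permissions; open_by_handle_at() reaches host files
      - "CAP_SETUID"  # Change user ID
      - "CAP_SETGID"  # Change group ID (any host group, e.g. disk/docker)
      - "CAP_SETPCAP"  # Transfer capabilities
      - "CAP_NET_ADMIN"  # Network administration
      - "CAP_SETFCAP"  # Set file capabilities
      - "CAP_MAC_OVERRIDE"  # Override MAC policies
      - "CAP_MAC_ADMIN"  # Configure MAC policies
      - "CAP_BPF"  # Load BPF programs (kernel code execution surface)

    # Significant information disclosure or denial of service.
    high:
      - "CAP_FSETID"  # Set file SUID/SGID
      - "CAP_NET_RAW"  # Use raw sockets
      - "CAP_SYS_RESOURCE"  # Override resource limits
      - "CAP_AUDIT_CONTROL"  # Control audit system
      - "CAP_MKNOD"  # Create device files
      - "CAP_SYSLOG"  # Read kernel log (leaks kernel addresses)
      - "CAP_PERFMON"  # perf_event access
      - "CAP_CHECKPOINT_RESTORE"  # Restore process state, /proc/*/map_files

    medium:
      - "CAP_KILL"  # Send signals
      - "CAP_CHOWN"  # Change file ownership
      - "CAP_FOWNER"  # Bypass ownership checks
      - "CAP_IPC_LOCK"  # Lock memory
      - "CAP_IPC_OWNER"  # Bypass IPC ownership
      - "CAP_SYS_NICE"  # Change process priority
      - "CAP_SYS_TIME"  # Set system clock
      - "CAP_SYS_CHROOT"  # chroot()
      - "CAP_LINUX_IMMUTABLE"  # Set immutable/append-only attributes
      - "CAP_AUDIT_WRITE"  # Write to audit log

    low:
      - "CAP_NET_BIND_SERVICE"  # Bind to privileged ports
      - "CAP_NET_BROADCAST"  # Network broadcasts
      - "CAP_LEASE"  # File leases
      - "CAP_SYS_TTY_CONFIG"  # Configure TTY
      - "CAP_SYS_PACCT"  # Process accounting
      - "CAP_AUDIT_READ"  # Read audit log
      - "CAP_WAKE_ALARM"  # Trigger system wake
      - "CAP_BLOCK_SUSPEND"  # Block system suspend

  # Default capability configurations by security level.
  # critical/high drop everything (allow-list model). medium/low are deny lists,
  # which means a capability not named here — or one added by a future kernel —
  # stays in the bounding set; keep them aligned with `risk_levels` above.
  securityLevelDefaults:
    critical:
      drop: "ALL"
      add: []

    high:
      drop: "ALL"
      add: []

    # medium drops every capability in the critical and high tiers.
    medium:
      drop:
        - "CAP_SYS_ADMIN"
        - "CAP_SYS_MODULE"
        - "CAP_SYS_RAWIO"
        - "CAP_SYS_PTRACE"
        - "CAP_SYS_BOOT"
        - "CAP_DAC_OVERRIDE"
        - "CAP_DAC_READ_SEARCH"
        - "CAP_SETUID"
        - "CAP_SETGID"
        - "CAP_SETPCAP"
        - "CAP_NET_ADMIN"
        - "CAP_SETFCAP"
        - "CAP_MAC_OVERRIDE"
        - "CAP_MAC_ADMIN"
        - "CAP_BPF"
        - "CAP_FSETID"
        - "CAP_NET_RAW"
        - "CAP_SYS_RESOURCE"
        - "CAP_AUDIT_CONTROL"
        - "CAP_MKNOD"
        - "CAP_SYSLOG"
        - "CAP_PERFMON"
        - "CAP_CHECKPOINT_RESTORE"
      add: []

    # low (development) keeps the usual runtime defaults and only removes the
    # capabilities that amount to kernel-level code execution or raw hardware
    # access.
    low:
      drop:
        - "CAP_SYS_ADMIN"
        - "CAP_SYS_MODULE"
        - "CAP_SYS_RAWIO"
        - "CAP_SYS_PTRACE"
        - "CAP_SYS_BOOT"
        - "CAP_BPF"
      add: []

# Resource Limits
# Notes for the consumer:
# - `kernelLimit` is the cgroup v1 kmem limit; it has no equivalent on cgroup v2
#   and is ignored there, so do not rely on it for isolation.
# - `shares` is cgroup v1 (`cpu.shares`); on v2 the runtime maps it to
#   `cpu.weight`. `quota`/`period` are the hard ceiling and are what actually
#   bounds CPU use.
# - `oomKillDisable: false` everywhere is deliberate: disabling the OOM killer
#   lets a container hang the host's memory reclaim.
resourceLimits:
  # Default limits by security level
  securityLevelDefaults:
    critical:
      memory:
        limit: "512Mi"
        reservation: "256Mi"
        swappiness: 0
        swapLimit: "0"
        kernelLimit: "64Mi"
        oomKillDisable: false
      cpu:
        cpus: "0.5"
        quota: 50000
        period: 100000
        shares: 512
      pids:
        limit: 20
      io:
        weight: 100
        readBps: "5Mi"
        writeBps: "5Mi"
        readIOPS: 100
        writeIOPS: 100
      files:
        nofile: 256
        fsize: 52428800  # 50MB

    high:
      memory:
        limit: "1Gi"
        reservation: "512Mi"
        swappiness: 10
        swapLimit: "0"
        kernelLimit: "128Mi"
        oomKillDisable: false
      cpu:
        cpus: "1.0"
        quota: 100000
        period: 100000
        shares: 1024
      pids:
        limit: 50
      io:
        weight: 500
        readBps: "10Mi"
        writeBps: "10Mi"
        readIOPS: 1000
        writeIOPS: 1000
      files:
        nofile: 1024
        fsize: 104857600  # 100MB

    medium:
      memory:
        limit: "2Gi"
        reservation: "1Gi"
        swappiness: 30
        swapLimit: "1Gi"
        kernelLimit: "256Mi"
        oomKillDisable: false
      cpu:
        cpus: "2.0"
        quota: 200000
        period: 100000
        shares: 2048
      pids:
        limit: 100
      io:
        weight: 1000
        readBps: "50Mi"
        writeBps: "50Mi"
        readIOPS: 5000
        writeIOPS: 5000
      files:
        nofile: 4096
        fsize: 1073741824  # 1GB

    low:
      memory:
        limit: "4Gi"
        reservation: "2Gi"
        swappiness: 60
        swapLimit: "2Gi"
        kernelLimit: "512Mi"
        oomKillDisable: false
      cpu:
        cpus: "4.0"
        quota: 400000
        period: 100000
        shares: 4096
      pids:
        limit: 1000
      io:
        weight: 1000
        readBps: "100Mi"
        writeBps: "100Mi"
        readIOPS: 10000
        writeIOPS: 10000
      files:
        nofile: 8192
        fsize: 2147483648  # 2GB

# Network Security Policies
# Rule `priority` ordering (whether 50 is evaluated before 100) is defined by
# the consumer — presumably lower wins, since the metadata rule below is meant
# to take precedence inside the link-local range it overlaps. Confirm.
networkPolicy:
  # Default network configurations by security level
  securityLevelDefaults:
    critical:
      mode: "none"  # No network namespace interface at all
      isolation:
        isolateFromHost: true
        isolateFromContainers: true
        allowLoopback: true
        blockPrivateNetworks: true
        enableDPI: false
      # Belt-and-braces: even if `mode` is relaxed, these rules keep the
      # container dark.
      firewallRules:
        - id: "block-all-input"
          action: "drop"
          direction: "input"
          protocol: "all"
          priority: 1000
          description: "Block all inbound traffic"
        - id: "block-all-output"
          action: "drop"
          direction: "output"
          protocol: "all"
          priority: 1000
          description: "Block all outbound traffic"
      bandwidth:
        upload: "0Mbps"
        download: "0Mbps"
        burst: "0Mbps"
        latency: 0

    high:
      mode: "custom"
      isolation:
        isolateFromHost: true
        isolateFromContainers: true
        allowLoopback: true
        blockPrivateNetworks: true
        enableDPI: true
      # Empty allow lists mean no egress by default; each workload must add the
      # hosts/ports it needs. NOTE(review): `dnsServers` is set although no port
      # or host is allowed — whether DNS is implicitly permitted, and therefore
      # usable as an exfiltration channel, depends on the consumer. Prefer an
      # internal resolver over public ones at this level.
      allowedPorts: []
      allowedHosts: []
      dnsServers:
        - "1.1.1.1"
        - "8.8.8.8"
      firewallRules:
        # RFC 1918, CGNAT and link-local ranges. Only 10/8 was blocked before;
        # 172.16/12 and 192.168/16 are just as common for internal services.
        # `blockPrivateNetworks: true` may already cover these — the explicit
        # rules make the policy self-describing regardless.
        - id: "block-private-networks"
          action: "drop"
          direction: "output"
          destination: "10.0.0.0/8"
          priority: 100
          description: "Block access to private networks (10/8)"
        - id: "block-private-networks-172"
          action: "drop"
          direction: "output"
          destination: "172.16.0.0/12"
          priority: 100
          description: "Block access to private networks (172.16/12)"
        - id: "block-private-networks-192"
          action: "drop"
          direction: "output"
          destination: "192.168.0.0/16"
          priority: 100
          description: "Block access to private networks (192.168/16)"
        - id: "block-cgnat"
          action: "drop"
          direction: "output"
          destination: "100.64.0.0/10"
          priority: 100
          description: "Block carrier-grade NAT range (common in cloud VPCs)"
        - id: "block-link-local"
          action: "drop"
          direction: "output"
          destination: "169.254.0.0/16"
          priority: 100
          description: "Block IPv4 link-local (cloud metadata endpoints live here)"
        - id: "block-metadata-service"
          action: "drop"
          direction: "output"
          destination: "169.254.169.254"
          priority: 50
          description: "Block cloud metadata service (AWS/Azure/GCP IPv4)"
        - id: "block-metadata-service-v6"
          action: "drop"
          direction: "output"
          destination: "fd00:ec2::254"
          priority: 50
          description: "Block AWS IMDS IPv6 endpoint (only relevant when IPv6 is enabled)"
      bandwidth:
        upload: "1Mbps"
        download: "10Mbps"
        burst: "500Kbps"
        latency: 100

    medium:
      mode: "bridge"
      isolation:
        isolateFromHost: true
        isolateFromContainers: false
        allowLoopback: true
        blockPrivateNetworks: true
        enableDPI: false
      allowedPorts:
        - port: 80
          protocol: "tcp"
          direction: "outbound"
        - port: 443
          protocol: "tcp"
          direction: "outbound"
        # 53/udp to public resolvers with DPI disabled is an unmonitored
        # exfiltration channel; acceptable for test environments, not for
        # anything promoted to high.
        - port: 53
          protocol: "udp"
          direction: "outbound"
      dnsServers:
        - "1.1.1.1"
        - "8.8.8.8"
        - "8.8.4.4"
      # Explicit metadata block so the policy does not depend on how the
      # consumer interprets `blockPrivateNetworks` for link-local addresses.
      firewallRules:
        - id: "block-metadata-service"
          action: "drop"
          direction: "output"
          destination: "169.254.169.254"
          priority: 50
          description: "Block cloud metadata service"
      bandwidth:
        upload: "10Mbps"
        download: "50Mbps"
        burst: "5Mbps"
        latency: 50

    # low: unrestricted bridge networking for development. Note `port` is a
    # range string here but an integer above — the consumer must accept both.
    low:
      mode: "bridge"
      isolation:
        isolateFromHost: false
        isolateFromContainers: false
        allowLoopback: true
        blockPrivateNetworks: false
        enableDPI: false
      allowedPorts:
        - port: "1-65535"
          protocol: "tcp"
          direction: "both"
        - port: "1-65535"
          protocol: "udp"
          direction: "both"
      bandwidth:
        upload: "100Mbps"
        download: "1Gbps"
        burst: "50Mbps"
        latency: 10

# User Namespace Configuration
# `hostUid`/`hostGid` values are interpreted by the consumer. In rootless mode
# they are relative to the runtime owner's own mapping, so container root ends
# up as that account on the host — anything that account owns (runtime socket,
# image store, dotfiles) is reachable from a container running as uid 0.
# Prefer a dedicated subordinate range (`--userns=auto`-style) where the
# runtime supports it, and never reuse a range between security levels.
userNamespace:
  # Default configurations by security level
  securityLevelDefaults:
    # Single-uid mapping: the workload cannot switch identity at all.
    # NOTE(review): host uid 65534 (nobody) is shared with other unprivileged
    # host services; a dedicated reserved uid isolates better.
    critical:
      enabled: true
      rootlessMode: true
      maxUserNamespaces: 1
      uidMappings:
        - containerUid: 0
          hostUid: 65534  # nobody user
          size: 1
      gidMappings:
        - containerGid: 0
          hostGid: 65534  # nobody group
          size: 1

    # Container root -> host uid 1000 (conventionally the first interactive
    # user); uids 1..65535 -> the 100000+ subordinate range.
    high:
      enabled: true
      rootlessMode: true
      maxUserNamespaces: 3
      uidMappings:
        - containerUid: 0
          hostUid: 1000
          size: 1
        - containerUid: 1
          hostUid: 100000
          size: 65535
      gidMappings:
        - containerGid: 0
          hostGid: 1000
          size: 1
        - containerGid: 1
          hostGid: 100000
          size: 65535

    medium:
      enabled: true
      rootlessMode: true
      maxUserNamespaces: 5
      uidMappings:
        - containerUid: 0
          hostUid: 1000
          size: 1
        - containerUid: 1
          hostUid: 100000
          size: 65535
      gidMappings:
        - containerGid: 0
          hostGid: 1000
          size: 1
        - containerGid: 1
          hostGid: 100000
          size: 65535

    # No user namespace: container root IS host root, bounded only by the
    # (weak) capability drop list for `low`. Development hosts only.
    low:
      enabled: false
      rootlessMode: false
      maxUserNamespaces: 10

# Mandatory Access Control (MAC) Profiles
macProfiles:
  apparmor:
    critical:
      profileName: "mcp-critical-container"
      enforceMode: "enforce"
      abstractions: ["base"]
      capabilities: []
      networkAccess:
        allowedProtocols: []
        denyRaw: true
        denyPacket: true
      fileAccess:
        allowedPaths:
          - "/app/**"
          - "/tmp/**"
        # NOTE(review): /etc/passwd is world-readable by design; denying it
        # breaks getpwuid()-style lookups in many runtimes (JVM, Python, git)
        # rather than protecting a secret. Move it to `readOnlyPaths` if the
        # workload needs name resolution; /etc/shadow must stay denied.
        deniedPaths:
          - "/proc/sys/**"
          - "/sys/**"
          - "/boot/**"
          - "/etc/shadow"
          - "/etc/passwd"
          - "/root/**"
        readOnlyPaths:
          - "/lib/**"
          - "/usr/lib/**"
          - "/bin/**"
          - "/usr/bin/**"
        # Only /app may be executed; /tmp is writable but not executable, which
        # closes the usual "download to /tmp and run" path.
        executablePaths:
          - "/app/**"
        tmpfsSize: "50M"
      processControl:
        allowPtrace: false
        allowSignals: false
        denyMount: true
      systemAccess:
        allowedSysctl: []
        deniedSysctl:
          - "kernel.**"
          - "vm.**"
          - "fs.**"
          - "net.**"
        allowedProcAccess:
          - "meminfo"
          - "cpuinfo"
        deniedProcAccess:
          - "kcore"
          - "kmem"
          - "mem"
          - "sysrq-trigger"

  selinux:
    critical:
      moduleName: "mcp_critical_container"
      version: "1.0.0"
      types:
        - "mcp_critical_t"
        - "mcp_critical_file_t"
        - "mcp_critical_exec_t"
      domains:
        - "mcp_critical_domain"
      # Read-only access to the workload's own files; nothing else is allowed.
      allowRules:
        - source: "mcp_critical_t"
          target: "mcp_critical_file_t"
          objectClass: "file"
          permissions: ["read", "getattr"]
      # Access to admin home directories is audited, not permitted.
      auditRules:
        - source: "mcp_critical_t"
          target: "admin_home_t"
          objectClass: "file"
          permissions: ["read", "write"]

# Security Monitoring and Alerting
monitoring:
  # Events to monitor for security violations
  securityEvents:
    - name: "capability_violation"
      description: "Unauthorized capability usage detected"
      severity: "high"
      actions: ["log", "alert", "terminate"]

    # At critical the seccomp default action has already killed the process;
    # this event matters at high, where SCMP_ACT_ERRNO lets the workload keep
    # probing.
    - name: "syscall_violation"
      description: "Blocked syscall attempted"
      severity: "medium"
      actions: ["log", "alert"]

    - name: "network_violation"
      description: "Unauthorized network access"
      severity: "high"
      actions: ["log", "alert", "block"]

    - name: "resource_violation"
      description: "Resource limits exceeded"
      severity: "medium"
      actions: ["log", "alert", "throttle"]

    - name: "file_violation"
      description: "Unauthorized file access"
      severity: "high"
      actions: ["log", "alert", "deny"]

  # Metrics to collect
  metrics:
    - name: "container_starts"
      type: "counter"
      labels: ["security_level", "runtime", "image"]

    - name: "security_violations"
      type: "counter"
      labels: ["violation_type", "severity", "action"]

    - name: "resource_usage"
      type: "gauge"
      labels: ["resource_type", "container_id"]

    - name: "execution_duration"
      type: "histogram"
      labels: ["security_level", "exit_code"]

# Compliance and Audit
compliance:
  # Compliance frameworks
  frameworks:
    - name: "SOC2"
      requirements:
        - "CC6.1 - Logical and physical access controls"
        - "CC6.6 - Vulnerability management"
        - "CC6.7 - Data transmission controls"

    - name: "ISO27001"
      requirements:
        - "A.9.1 - Access control policy"
        - "A.12.6 - Management of technical vulnerabilities"
        - "A.13.1 - Network security management"

    - name: "NIST"
      requirements:
        - "AC-2 - Account Management"
        - "AC-3 - Access Enforcement"
        - "SC-2 - Application Partitioning"
        - "SC-3 - Security Function Isolation"

  # Audit requirements. Logs are shipped to more than one destination so a
  # compromised container host cannot erase the only copy.
  audit:
    enabled: true
    logLevel: "info"
    destinations:
      - "vault"
      - "syslog"
      - "file"
    retention: "90d"
    encryption: true

  # Required documentation
  documentation:
    - "Security risk assessment"
    - "Container security policy"
    - "Incident response procedures"
    - "Security training records"

# Emergency Response
emergencyResponse:
  # Automatic responses to critical security events
  automaticActions:
    - trigger: "critical_vulnerability_detected"
      actions:
        - "terminate_container"
        - "quarantine_image"
        - "alert_security_team"
        - "create_incident"

    - trigger: "privilege_escalation_attempt"
      actions:
        - "terminate_container"
        - "block_user"
        - "alert_security_team"
        - "preserve_forensics"

    - trigger: "container_escape_attempt"
      actions:
        - "emergency_shutdown"
        - "isolate_host"
        - "alert_management"
        - "engage_incident_response"

  # Contact information for security incidents.
  # NOTE(review): these are placeholder addresses — replace before deployment,
  # otherwise automated alerts go nowhere.
  contacts:
    securityTeam: "security@company.com"
    incidentResponse: "ir@company.com"
    management: "ciso@company.com"

  # Escalation procedures: time allowed at each level before escalating.
  escalation:
    level1: "5 minutes"
    level2: "15 minutes"
    level3: "30 minutes"
    level4: "immediate"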