# KubeArmor is an open source software that enables you to protect your cloud workload at run-time.
# To learn more about KubeArmor visit: 
# https://www.accuknox.com/kubearmor/ 

apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-cve-2020-24186-deny-wordpress-rce
  namespace: default # Change your namespace
spec:
  tags: ["CVE", "WordPress-RCE", "CVE-2020-24186"]
  message: "Alert! *.php file upload to wp-content subdirectory detected"
  selector:
    matchLabels:
      app: wordpress   #change this label with your label
  file:
    severity: 5
    matchPatterns:
    - pattern: /var/www/html/wp-content/uploads/**/*.php
    - pattern: /var/www/html/wp-content/uploads/**/*.sh
    action: Block