Red Hat Advanced Cluster Security for Kubernetes (RHACS) provides the ability to audit the processes that are listening on ports in your secured clusters and filter this data by deployment, namespace, or cluster.

You can view information about processes and ports that they are listening on by using the following methods:

  • In the RHACS web portal, navigate to NetworkListening Endpoints.

  • Connect to the ListeningEndpointsService object in the API. For more information on the API, navigate to HelpAPI reference in the RHACS web portal.

The page provides a list of processes by deployment, with the following information displayed for each process on the list:

  • Deployment name

  • Cluster

  • Namespace

  • Count, or the number of processes listening on the ports in the deployment

You can further filter the information displayed on the page by using the filter field and entering individual deployments, namespaces, and clusters.

Click the expand icon at the top of the list to expand all sections for all deployments listed, or click the expand icon on a single deployment line to view additional information about that deployment. The following information is provided:

  • Exec file path: Location of the process

  • PID: System ID of the process

  • Port: Port on which the process is listening

  • Protocol: Protocol in use by the process

  • Pod ID: Name of the pod where the process is contained

Clicking on a deployment name brings you to the Risk page in the RHACS web portal, where you can view information about the deployment, including risk indicators such as policy violations and additional deployment details.