Updated the policies (#1078)

Signed-off-by: Tejas-24ytj <tblamkhade24@gmail.com>

Author: Tejas-24ytj

generic/csp/audit-temp-usage.yaml

@@ -3,12 +3,12 @@ kind: KubeArmorClusterPolicy
 metadata:
   annotations:
     app.accuknox.com/type: harden
-  name: audit-tmp-usage
+  name: audit-process-exec-in-tmp
 spec:
   action: Audit
   severity: 3
   message: "Detected /tmp directory access"
-  file:
+  process:
     matchDirectories:
       - dir: /tmp/
         recursive: true

generic/csp/metadata.yaml

@@ -282,7 +282,7 @@ policyRules:
         hosts and local network devices, using port, vulnerability, or wordlist
         scans to identify potential attack surfaces.
     yaml: audit-pen-test-recon-tools.yaml
-  - name: audit-temp-usage
+  - name: audit-process-exec-in-tmp
     precondition:
       - OPTSCAN
     description:
@@ -308,28 +308,6 @@ policyRules:
         systems, including air-gapped networks, often using autorun or tricking
         users into executing malicious files.
     yaml: external-devices-connected.yaml
-  - name: prevent-kubectl-cp
-    precondition:
-      - OPTSCAN
-    description:
-      refs:
-        - name:  MITRE_T1105
-          url:
-            - https://attack.mitre.org/techniques/T1105/
-      tldr: Block kubectl cp for security
-      detailed: Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment
-    yaml: prevent-kubectl-cp.yaml
-  - name: prevent-shell-exec
-    precondition:
-      - OPTSCAN
-    description:
-      refs:
-        - name: MITRE_T1059    
-          url:
-            - https://attack.mitre.org/techniques/T1059/
-      tldr: Prevent shell execution in kube-system namespace
-      detailed: Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities.
-    yaml: prevent-shell-exec.yaml
   - name: env-preset
     precondition:
       - OPTSCAN

generic/csp/prevent-kubectl-cp.yaml

@@ -5,8 +5,8 @@ metadata:
     app.accuknox.com/type: harden
   name: remote-file-copy
 spec:
-  action: Block
-  message: "Blocked Remote file copy utility execution"
+  action: Audit
+  message: "Detected Remote file copy utility execution"
   process:
     matchPaths:
       - execname: scp