Chapter 13
Deep in the Mines
Audit and Update Old Infrastructure
Legacy infrastructure often becomes a blind spot in otherwise secure systems.
New security controls assume:
- modern kernels,
- updated runtimes,
- predictable behavior.
Old components quietly break those assumptions.
Common Real-World Examples
- Old kernels blocking eBPF-based security tools
- Legacy container runtimes missing security flags
- Outdated base images incompatible with new mitigations
- Unsupported OS versions silently skipping patches
Practical Checks to Run Regularly
# check kernel version (critical for modern security tooling)
$ uname -r
# list nodes and their OS / kernel details
$ kubectl get nodes -o wide
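The node check above, turned into something a scheduled job can fail on (an added example, not from the original chapter): it compares each node's kernel release numerically against a minimum. The function names, the sample node list and the `5.10` minimum are assumptions; take the real minimum from the documented requirements of the security tooling you deploy.

```shell
#!/bin/sh
# Live input (real kubectl flags):
#   kubectl get nodes --no-headers \
#     -o custom-columns=NAME:.metadata.name,KERNEL:.status.nodeInfo.kernelVersion

# kernel_lt A B: succeeds if kernel release A is older than B.
# Compares major.minor.patch as numbers, so 5.9 < 5.10 (a string compare gets this wrong).
kernel_lt() {
  va=${1%%-*}; vb=${2%%-*}              # drop distro suffix such as "-91-generic"
  for i in 1 2 3; do
    x=${va%%.*}; y=${vb%%.*}            # leading component of each version
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}    # keep leading digits only ("55+" -> 55)
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
  done
  return 1                              # equal versions are not "older"
}

# audit_kernels MIN: reads "NAME KERNEL" lines on stdin, prints stale nodes.
# Returns 1 if any node is below MIN so a CI or cron job can alert on it.
audit_kernels() {
  min=$1; stale=0
  while read -r node kernel; do
    [ -n "$node" ] || continue
    if kernel_lt "$kernel" "$min"; then
      echo "STALE $node kernel=$kernel (minimum $min)"
      stale=1
    fi
  done
  return "$stale"
}

# Constructed sample, in the shape the kubectl command above prints.
sample_nodes() {
  cat <<'EOF'
worker-a   5.15.0-91-generic
worker-b   4.18.0-513.el8.x86_64
worker-c   3.10.0-1160.el7.x86_64
worker-d   6.1.55+
EOF
}

# MIN_KERNEL is a placeholder policy value, not a requirement stated by any tool.
MIN_KERNEL=${MIN_KERNEL:-5.10}
sample_nodes | audit_kernels "$MIN_KERNEL" || echo "nodes need a kernel upgrade"
```

In a real job, replace `sample_nodes` with the `kubectl` command from the header comment.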
For container images:
# scan for outdated base images and known CVEs
$ trivy image myapp:latest
The Lesson
Security isn't only about adding new defenses.
It's also about removing or upgrading what undermines them.
Quiet systems can still be dangerous — especially when everyone assumes they're safe.
Exercise
- How old is your base image?
- Are you using a base image that sits in a repo and is rebuilt only once every five years? If so, consider creating scheduled CI jobs that scan it for vulnerabilities and rebuild it regularly.
