Navigate

Check: SRG-APP-000133-CTR-000305

Container Platform SRG: SRG-APP-000133-CTR-000305 (in versions v1 r5 through v1 r1)

Title

Configuration files for the container platform must be protected. (Cat II impact)

Discussion

The secure configuration of the container platform must be protected by disallowing changes to be implemented by non-privileged users. Changes to the container platform can introduce security risks or stability issues and undermine change management procedures. Securing configuration files from non-privileged user modification can be enforced using file ownership and permissions.

Check Content

Review the container platform to verify that configuration files cannot be modified by non-privileged users. If non-privileged users can modify configuration files, this is a finding.

Fix Text

Configure the container platform to only allow configuration modifications by privileged users.

Additional Identifiers

Rule ID: SV-233069r879586_rule

Vulnerability ID: V-233069

Group Title: SRG-APP-000133

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001499	The organization limits privileges to change software resident within software libraries.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-5 (6)	Limit Library Privileges