Check: CNTR-K8-003260
Kubernetes STIG: CNTR-K8-003260 (in versions v1 r11 through v1 r10)
Title
The Kubernetes etcd must have file permissions set to 644 or more restrictive. (Cat II impact)
Discussion
The Kubernetes etcd key-value store provides a way to store data for the Control Plane. If these files can be changed, data for API objects and the Control Plane would be compromised.
Check Content
Review the permissions of the Kubernetes etcd by using the command:

ls -AR /var/lib/etcd/*

If any of the files have permissions more permissive than "644", this is a finding.
Fix Text
Change the permissions of the manifest files to "644" by executing the command:

chmod -R 644 /var/lib/etcd/*
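
One way to script the check and fix above, as an added example that is not part of the STIG text: plain `ls -AR` lists names without mode bits, so this version asks `find` for any regular file carrying a bit that 644 does not allow. The function names are hypothetical, and limiting the scan and the fix to regular files is an assumption (directories need the search bit to be traversed).

```shell
#!/bin/sh
# Added example: audit an etcd data directory for regular files whose mode
# grants anything beyond 644 (rw-r--r--). Assumption: directories are skipped
# because they need the search (x) bit to be traversed.

# Prints one path per finding; prints nothing when the tree is compliant.
etcd_perm_findings() {
    dir=$1
    # Bits not allowed by 644: owner x (0100), group w/x (0020, 0010),
    # other w/x (0002, 0001). POSIX "-perm -MODE" matches when all bits in
    # MODE are set, so each disallowed bit is tested on its own.
    find "$dir" -type f \( \
        -perm -0100 -o -perm -0020 -o -perm -0010 \
        -o -perm -0002 -o -perm -0001 \) -print | sort
}

# Returns 0 when compliant, 1 when there is at least one finding.
etcd_perm_check() {
    findings=$(etcd_perm_findings "$1")
    if [ -n "$findings" ]; then
        printf 'FINDING: more permissive than 644:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Remediation limited to regular files: clears only the disallowed bits,
# so a 600 file stays 600 and directories keep their search bit.
etcd_perm_fix() {
    find "$1" -type f -exec chmod u-x,go-wx {} +
}

# Run the check only when a directory is given, e.g. sh check.sh /var/lib/etcd
if [ -n "${1:-}" ]; then
    etcd_perm_check "$1"
fi
```
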
Additional Identifiers
Rule ID: SV-242459r918200_rule
Vulnerability ID: V-242459
Group Title: SRG-APP-000516-CTR-001335
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |