Check: CNTR-K8-003260

Kubernetes STIG: CNTR-K8-003260 (in versions v2 r4 through v1 r10)

Title
The Kubernetes etcd must have file permissions set to 644 or more restrictive. (Cat II impact)
Discussion
The Kubernetes etcd key-value store provides a way to store data for the Control Plane. If these files can be changed, data for API objects and the Control Plane would be compromised.
Check Content
Review the permissions of the Kubernetes etcd by using the command:

ls -AR /var/lib/etcd/*

If any of the files have permissions more permissive than "644", this is a finding.
Fix Text
Change the permissions of the manifest files to "644" by executing the command:

chmod -R 644 /var/lib/etcd/*
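
An added example (not part of the STIG text) that automates the check above by testing mode bits directly with find, reporting every regular file under the etcd data directory that has any bit set beyond 644. The function names and exit codes are assumptions of this example, and it examines regular files only, since directories need the search bit to be traversed.

```shell
#!/bin/sh
# Added example: audit an etcd data directory for files more permissive
# than 644 (rw-r--r--). Function names and exit codes are assumptions of
# this example, not part of the STIG.

# Print an "ls -ld" line for each regular file with any bit outside 644:
# owner execute, group write/execute, other write/execute, or
# setuid/setgid/sticky.
etcd_perm_findings() {
    dir=${1:-/var/lib/etcd}
    find "$dir" -type f \( \
        -perm -0100 -o -perm -0020 -o -perm -0010 \
        -o -perm -0002 -o -perm -0001 \
        -o -perm -4000 -o -perm -2000 -o -perm -1000 \
    \) -exec ls -ld {} +
}

# Return 0 when compliant, 1 when at least one file exceeds 644,
# 2 when the directory cannot be examined.
etcd_perm_check() {
    dir=${1:-/var/lib/etcd}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    findings=$(etcd_perm_findings "$dir")
    if [ -n "$findings" ]; then
        printf 'FINDING: files more permissive than 644 under %s\n' "$dir"
        printf '%s\n' "$findings"
        return 1
    fi
    echo "PASS: no file under $dir exceeds 644"
}

# Usage, run as a user able to read the directory:
#   etcd_perm_check /var/lib/etcd
```

Files with modes such as 600 or 640 pass, because they are more restrictive than 644.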
Additional Identifiers
Rule ID: SV-242459r961863_rule
Vulnerability ID: V-242459
Group Title: SRG-APP-000516-CTR-001335
CCIs
CCIs tied to check.

| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |

Controls
Controls tied to check. These are derived from the CCIs shown above.

| Number | Title |
|---|---|
| CM-6 | Configuration Settings |