Check: CNTR-K8-000910
Kubernetes STIG: CNTR-K8-000910 (in versions v1 r11 through v1 r7)
Title
Kubernetes Controller Manager must disable profiling. (Cat II impact)
Discussion
Kubernetes profiling provides the ability to analyze and troubleshoot Controller Manager events over a web interface on a host port. Enabling this service can expose details about the Kubernetes architecture. This service must not be enabled unless deemed necessary.
Check Content
Change to the /etc/kubernetes/manifests/ directory on the Kubernetes Control Plane. Run the command:
grep -i profiling *
If the setting "profiling" is not configured in the Kubernetes Controller Manager manifest file or it is set to "True", this is a finding.
Fix Text
Edit the Kubernetes Controller Manager manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Set the value of the "--profiling" argument to "false".
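The check and fix above can be scripted for a single manifest file. The following is an added example, not part of the STIG text: the function name check_profiling is hypothetical, the manifest path is passed as an argument, and anything other than an explicit false value is conservatively treated as a finding.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate CNTR-K8-000910 for one manifest.
# Returns 0 = not a finding, 1 = finding, 2 = manifest unreadable.
check_profiling() {
    manifest=$1
    [ -r "$manifest" ] || { echo "ERROR: cannot read $manifest"; return 2; }

    # Ignore full-line YAML comments so a commented-out flag is not counted.
    args=$(grep -v '^[[:space:]]*#' "$manifest" | grep -e '--profiling' || true)
    if [ -z "$args" ]; then
        echo "FINDING: --profiling is not configured in $manifest"
        return 1
    fi

    # Reduce each matching line to the flag's value; a bare "--profiling"
    # with no "=value" is reported as "unset".
    values=$(printf '%s\n' "$args" \
        | sed -e 's/.*--profiling//' -e 's/^=//' \
              -e 's/[^A-Za-z0-9].*$//' -e 's/^$/unset/')

    # Every occurrence must be an explicit false.
    for v in $values; do
        case $v in
            false|False|FALSE) ;;
            *) echo "FINDING: --profiling is '$v' in $manifest"; return 1 ;;
        esac
    done
    echo "PASS: profiling is disabled in $manifest"
    return 0
}

# With no argument, run against a constructed sample manifest
# (illustrative content, not taken from a real cluster).
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' 'spec:' '  containers:' '  - command:' \
        '    - kube-controller-manager' '    - --profiling=false' > "$sample"
    check_profiling "$sample"
    rm -f "$sample"
else
    check_profiling "$1"
fi
```
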
Additional Identifiers
Rule ID: SV-242409r879587_rule
Vulnerability ID: V-242409
Group Title: SRG-APP-000141-CTR-000315
CCIs
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |