An error occurred:

Check: CNTR-K8-003230

Kubernetes STIG: CNTR-K8-003230 (in versions v1 r11 through v1 r1)

Title

The Kubernetes kubelet config must have file permissions set to 644 or more restrictive. (Cat II impact)

Discussion

The Kubernetes kubelet agent registers nodes with the API server and performs health checks to containers within pods. If this file can be modified, the information system would be unaware of pod or container degradation.

Check Content

Review the permissions of the Kubernetes config.yaml by using the command: stat -c %a /var/lib/kubelet/config.yaml If any of the files are have permissions more permissive than "644", this is a finding.

Fix Text

Change the permissions of the config.yaml to "644" by executing the command: chmod 644 /var/lib/kubelet/config.yaml

Additional Identifiers

Rule ID: SV-242456r879887_rule

Vulnerability ID: V-242456

Group Title: SRG-APP-000516-CTR-001330

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings