Title

Kubernetes Kubelet must enable kernel protection. (Cat I impact)

Discussion

System kernel is responsible for memory, disk, and task management. The kernel provides a gateway between the system hardware and software. Kubernetes requires kernel access to allocate resources to the Control Plane. Threat actors that penetrate the system kernel can inject malicious code or hijack the Kubernetes architecture. It is vital to implement protections through Kubernetes components to reduce the attack surface.

Check Content

Change to the /etc/sysconfig/ directory on the Kubernetes Control Plane. Run the command: grep -i protect-kernel-defaults kubelet If the setting "protect-kernel-defaults" is set to false or not set in the Kubernetes Kubelet, this is a finding.

Fix Text

Edit the Kubernetes Kubelet file in the /etc/sysconfig directory on the Kubernetes Control Plane. Set the argument "--protect-kernel-defaults" to "true". Reset Kubelet service using the following command: service kubelet restart

Additional Identifiers

Rule ID: SV-242434r879643_rule

Vulnerability ID: V-242434

Group Title: SRG-APP-000233-CTR-000585

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.