Details

Worker Nodes are maintained and monitored by the Master Node. Direct access and manipulation of the nodes must not take place by administrators. Worker nodes must be treated as immutable and updated via replacement rather than in-place upgrades.

Solution

To disable the sshd service, run the command:

chkconfig sshd off

Note: If access to the worker node is through an SSH session, it is important to realize there are two requirements for disabling and stopping the sshd service that must be done during the same SSH session. Disabling the service must be performed first and then the service stopped to guarantee both settings can be made if the session is interrupted.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-3
• CAT|II
• CCI|CCI-000213
• CSCv6|3.1
• Rule-ID|SV-242394r717017_rule
• STIG-ID|CNTR-K8-000410
• Vuln-ID|V-242394

Source

• Tenable.com/audits