CNTR-K8-000880 – The Kubernetes kubelet configuration file must be owned by root.

Details

The kubelet configuration file contains the runtime configuration of the kubelet service. If an attacker can gain access to this file, changes can be made to open vulnerabilities and bypass user authorizations inherent within Kubernetes with RBAC implemented.

Solution

On the Master and Worker nodes, change to the /etc/sysconfig directory. Run the command:

chown root:root kubelet

To verify the change took place, run the command:

ls -l kubelet

The kubelet file should now be owned by root:root.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-5(6)
CAT|II
CCI|CCI-001499
CSCv6|3.1
Rule-ID|SV-242406r712574_rule
STIG-ID|CNTR-K8-000880
Vuln-ID|V-242406

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles