CNTR-K8-000890 – The Kubernetes kubelet configuration files must have file permissions set to 644 or more restrictive.

Details

The kubelet configuration file contains the runtime configuration of the kubelet service. If an attacker can gain access to this file, changes can be made to open vulnerabilities and bypass user authorizations inherit within Kubernetes with RBAC implemented.

Solution

On the Master node, change to the /etc/kubernetes/manifest directory. Run the command:

chmod 644 kubelet

To verify the change took place, run the command:

ls -l kubelet

The kubelet file should now have the permissions of ‘644’.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V1R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-5(6)
CAT|II
CCI|CCI-001499
CSCv6|3.1
Rule-ID|SV-242407r799982_rule
STIG-ID|CNTR-K8-000890
Vuln-ID|V-242407

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles