Details

Ensure that the scheduler.conf file ownership is set to root:root.

Rationale:

The scheduler.conf file is the kubeconfig file for the Scheduler. You should set its file ownership to maintain the integrity of the file. The file should be owned by root:root.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the master node. For example,

chown root:root /etc/kubernetes/scheduler.conf

Default Value:

By default, scheduler.conf file ownership is set to root:root.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3371

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CSCv6|3.1
• CSCv6|5.1
• CSCv7|4

Source

• Tenable.com/audits