If proxy kubeconfig file exists ensure ownership is set to root:root

Details

If kube-proxy is running, ensure that the file ownership of its kubeconfig file is set to root:root.

Rationale:

The kubeconfig file for kube-proxy controls various parameters for the kube-proxy service in the worker node. You should set its file ownership to maintain the integrity of the file. The file should be owned by root:root.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the each worker node. For example,

chown root:root

Default Value:

By default, proxy file ownership is set to root:root.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/3371

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CSCv6|3.1
CSCv6|5.1
CSCv7|4

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles