Ensure that the Container Network Interface file ownership is set to root:root
Details Ensure that the Container Network Interface files have ownership set to root:root. Rationale: Container Network Interface provides various networking...
- Home
- Security Hardening
- CIS Kubernetes V1.20 Benchmark V1.0.0 L1 Master
CIS Kubernetes V1.20 Benchmark V1.0.0 L1 Master
Ensure that the Container Network Interface file permissions are set to 644 or more restrictive
Details Ensure that the Container Network Interface files have permissions of 644 or more restrictive. Rationale: Container Network Interface provides...Ensure that the controller-manager.conf file ownership is set to root:root
Details Ensure that the controller-manager.conf file ownership is set to root:root. Rationale: The controller-manager.conf file is the kubeconfig file for...Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive
Details Ensure that the controller-manager.conf file has permissions of 644 or more restrictive. Rationale: The controller-manager.conf file is the kubeconfig...Ensure that the controller manager pod specification file ownership is set to root:root
Details Ensure that the controller manager pod specification file ownership is set to root:root. Rationale: The controller manager pod specification...Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive
Details Ensure that the controller manager pod specification file has permissions of 644 or more restrictive. Rationale: The controller manager...Ensure that the etcd pod specification file permissions are set to 644 or more restrictive
Details Ensure that the /etc/kubernetes/manifests/etcd.yaml file has permissions of 644 or more restrictive. Rationale: The etcd pod specification file /etc/kubernetes/manifests/etcd.yaml...Ensure that the -etcd-certfile and -etcd-keyfile arguments are set as appropriate – certfile
Details etcd should be configured to make use of TLS encryption for client connections. Rationale: etcd is a highly-available key...Ensure that the -etcd-certfile and -etcd-keyfile arguments are set as appropriate – keyfile
Details etcd should be configured to make use of TLS encryption for client connections. Rationale: etcd is a highly-available key...Ensure that the etcd data directory ownership is set to etcd:etcd
Details Ensure that the etcd data directory ownership is set to etcd:etcd. Rationale: etcd is a highly-available key-value store used...