1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Ensure that Kubernetes PKI certificate files have permissions of 600 or more restrictive.

Kubernetes makes use of a number of certificate files as part of the operation of its components. The permissions on these files should be set to 600 or more restrictive to protect their integrity and confidentiality.

Solution

Run the below command (based on the file location on your system) on the Control Plane node. For example,

chmod -R 600 /etc/kubernetes/pki/*.crt

Impact:

None

See Also

https://workbench.cisecurity.org/benchmarks/17568