1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600

Information

Ensure that Kubernetes PKI key files have permissions of 600.

Rationale:

Kubernetes makes use of a number of key files as part of the operation of its components. The permissions on these files should be set to 600 to protect their integrity and confidentiality.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the master node. For example,

chmod -R 600 /etc/kubernetes/pki/*.key

Default Value:

By default, the keys used by Kubernetes are set to have permissions of 600

See Also

https://workbench.cisecurity.org/files/3371

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|MP-2, CSCv6|5.1, CSCv7|14.6

Plugin: Unix

Control ID: 503f30b76c1c2779ac33a8c4564a360c1cad7622fe3f5d266003e5a134f4c38a