1.1.13 Ensure that the admin.conf file permissions are set to 644 or more restrictive

Information

Ensure that the admin.conf file has permissions of 644 or more restrictive.

Rationale:

The admin.conf is the administrator kubeconfig file defining various settings for the administration of the cluster. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.

Impact:

None.

Solution

Run the below command (based on the file location on your system) on the master node. For example,

chmod 644 /etc/kubernetes/admin.conf

Default Value:

By default, admin.conf has permissions of 640.

See Also

https://workbench.cisecurity.org/files/3371

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|MP-2, CSCv6|5.1, CSCv7|14.6

Plugin: Unix

Control ID: 76a4d70bc281b2f8b8398d1b6bea6907a097e3a08e05a92ee45d3e6492149fbf