1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600

Information

Ensure that Kubernetes PKI key files have permissions of 600.

Rationale:

Kubernetes makes use of a number of key files as part of the operation of its components. The permissions on these files should be set to 600 to protect their integrity and confidentiality.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the master node. For example,

chmod -R 600 /etc/kubernetes/pki/*.key

Default Value:

By default, the keys used by Kubernetes are set to have permissions of 600

See Also

https://workbench.cisecurity.org/files/2968

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv6|5.1, CSCv7|5.2

Plugin: Unix

Control ID: 07fab87bcee6fba9d380c8476e3181eb130c0f34b78e21990134d22d88a52159