1.2.21 Ensure that the healthz endpoint is protected by RBAC

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Disable profiling, if not needed.

Rationale:

Profiling allows for the identification of specific performance bottlenecks. It generates a significant amount of program data that could potentially be exploited to uncover system and program details. If you are not experiencing any bottlenecks and do not need the profiler for troubleshooting purposes, it is recommended to turn it off to reduce the potential attack surface.

Impact:

Profiling information would not be available.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

None required as profiling data is protected by RBAC.

Default Value:

By default, profiling is enabled.

See Also

https://workbench.cisecurity.org/files/3980