1.1.13 Ensure that the admin.conf file permissions are set to 600 or more restrictive

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Ensure that the admin.conf file has permissions of 600 or more restrictive.

Rationale:

The admin.conf is the administrator kubeconfig file defining various settings for the administration of the cluster. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.

Impact:

None.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Execute the command below:

chmod 600 /etc/kubernetes/kubeconfig/admin.config

Default Value:

By default, in OpenShift 4, kubeconfig has permissions of 644.

See Also

https://workbench.cisecurity.org/files/4260