CNTR-K8-003260 - The Kubernetes etcd must have file permissions set to 644 or more restrictive.

Information

The Kubernetes etcd key-value store provides a way to store data for the Control Plane. If these files can be changed, the data for API objects and the Control Plane would be compromised.

Solution

Change the permissions of the manifest files to '644' by executing the command:

chmod -R 644 /var/lib/etcd/*
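
A way to verify the setting before and after the change, as an added example that is not part of the STIG or the original page. The function names are hypothetical; the check covers regular files only, since directories need the execute bit to be traversed.

```shell
#!/bin/sh
# Added example: report files under an etcd data directory whose mode is
# more permissive than 644. Function names are hypothetical.
# Usage on a control plane node: etcd_perm_check /var/lib/etcd

# Print every regular file under $1 with any mode bit outside 0644:
# owner execute, group write/execute, other write/execute,
# or setuid/setgid/sticky. Uses only POSIX "-perm -mode" tests.
etcd_perm_violations() {
    dir=$1
    find "$dir" -type f \( \
        -perm -100 -o -perm -020 -o -perm -010 \
        -o -perm -002 -o -perm -001 \
        -o -perm -4000 -o -perm -2000 -o -perm -1000 \
    \) -print
}

# Return 0 when every file is 644 or more restrictive, 1 when at least
# one file is a finding, 2 when the directory does not exist.
etcd_perm_check() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "ERROR: not a directory: $dir" >&2
        return 2
    fi
    bad=$(etcd_perm_violations "$dir")
    if [ -n "$bad" ]; then
        echo "FINDING: files more permissive than 644 under $dir:"
        echo "$bad"
        return 1
    fi
    echo "PASS: all files under $dir are 644 or more restrictive"
    return 0
}
```

Files already set to a stricter mode such as 600 pass the check and do not need to be loosened to 644.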

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-242459r961863_rule, STIG-ID|CNTR-K8-003260, Vuln-ID|V-242459

Plugin: Unix

Control ID: 6ab35c581d1a2fc5806ed4085ec26419e13e6e56e14f996d2075113885b854f0