3.1.4 Ensure that the kubelet configuration file ownership is set to root:root

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Ensure that if the kubelet configuration file exists, it is owned by root:root.

The kubelet reads various parameters, including security settings, from a config file specified by the --config argument. If this file is specified you should restrict its file permissions to maintain the integrity of the file. The file should be owned by root:root.

Solution

Run the following command (using the config file location identified in the Audit step):

chown root:root <kubelet_config_file>

Impact:

Overly permissive file access increases the security risk to the platform.

See Also

https://workbench.cisecurity.org/benchmarks/16093