1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Ensure that Kubernetes PKI key files have permissions of 600.

Rationale:

Kubernetes makes use of a number of key files as part of the operation of its components. The permissions on these files should be set to 600 to protect their integrity and confidentiality.

Solution

Run the below command (based on the file location on your system) on the master node. For example,

chmod -R 600 /etc/kubernetes/pki/*.key

Impact:

None

Default Value:

By default, the keys used by Kubernetes are set to have permissions of 600

References:

https://kubernetes.io/docs/admin/kube-apiserver/

See Also

https://workbench.cisecurity.org/files/2662

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|5.1, CSCv7|5.2

Plugin: Unix

Control ID: 181aa484c22a14fc49864a73bcae44ebb806de4b0de583ec53d61a09dbace184