1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive

Information

Ensure that the API server pod specification file has permissions of 600 or more restrictive.

Rationale:

The API server pod specification file controls various parameters that set the behavior of the API server. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the Control Plane node. For example,

chmod 600 /etc/kubernetes/manifests/kube-apiserver.yaml

Default Value:

By default, the kube-apiserver.yaml file has permissions of 640.

See Also

https://workbench.cisecurity.org/benchmarks/16828

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: ee377bd9adf38d8cd363091ef083cdadd4688576b5f564cbef130974964d10d2