1.1.17 Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive

Information

Ensure that the controller-manager.conf file has permissions of 600 or more restrictive.

Rationale:

The controller-manager.conf file is the kubeconfig file for the Controller Manager. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the Control Plane node. For example,

chmod 600 /etc/kubernetes/controller-manager.conf

Default Value:

By default, controller-manager.conf has permissions of 640.

See Also

https://workbench.cisecurity.org/benchmarks/16828

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: e8f4b2a54a8bdc9588def05b5f2c48e0ff56adb6e47abb8eb722d994a35e59d0