Ensure that the etcd data directory ownership is set to etcd:etcd. Rationale: etcd is a highly-available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. This data directory should be protected from any unauthorized reads or writes. It should be owned by etcd:etcd. NOTE: The only users that exist on an RHCOS OpenShift node are root and core. This is intentional, as regular management of the underlying RHCOS cluster nodes is designed to be performed via the OpenShift API itself. The core user is a member of the wheel group, which gives it permission to use sudo for running privileged commands. Adding additional users at the node level is highly discouraged. Impact: None NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
No remediation required; file ownership is managed by the operator. Default Value: By default, in OpenShift 4, etcd data directory ownership is set to root:root.