1.1.13 Ensure that the kubeconfig file permissions are set to 600 or more restrictive

Information

Ensure that the kubeconfig file has permissions of 600 or more restrictive.

Rationale:

The administrator kubeconfig file defines various settings for the administration of the cluster. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.

Impact:

None.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

There is no remediation for updating the permissions of kubeconfig. The file is owned by an OpenShift operator and any changes to the file will result in a degraded cluster state.
Please do not attempt to remediate the permissions of this file.

Default Value:

By default, in OpenShift 4.14, the kubeconfig has permissions of 600.

In older versions of OpenShift, the kubeconfig has permissions of 644, and is not remediable. Please upgrade to OpenShift 4.14 when possible.

See Also

https://workbench.cisecurity.org/benchmarks/16094

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OpenShift

Control ID: 96b0d70fe7723b8161ecbc63bad1f943367543b159fac9d3708d00ebb330ca4c