1.1.15 Ensure that the Scheduler kubeconfig file permissions are set to 600 or more restrictive

Information

Ensure that the Scheduler kubeconfig file has permissions of 600 or more restrictive.

Rationale:

You should restrict the kubeconfig file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.

Impact:

None.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

There is no remediation for updating the permissions of the kubeconfig file. The file is owned by an OpenShift operator and any changes to the file will result in a degraded cluster state.
Please do not attempt to remediate the permissions of this file.

Default Value:

By default, in OpenShift 4.14, the kubeconfig has permissions of 600.

In older versions of OpenShift, the kubeconfig has permissions of 644, and is not remediable. Please upgrade to OpenShift 4.14 when possible.

See Also

https://workbench.cisecurity.org/benchmarks/16094

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OpenShift

Control ID: d60cb0afaa5a8cd55f0daef5a171d39396af9a88df523d04bab9631ca96a0dfe