1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive

Information

Ensure that the etcd data directory has permissions of 700 or more restrictive.

Rationale:

etcd is a highly-available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. This data directory should be protected from any unauthorized reads or writes. It should not be readable or writable by any group members or the world.

Impact:

None

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

No remediation required. File permissions are managed by the etcd operator.

Default Value:

By default, etcd data directory has permissions of 700.

See Also

https://workbench.cisecurity.org/benchmarks/16094

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: OpenShift

Control ID: 94dd4d76fa34db52698f66af47f99aa1fb6b0c0eed4ca484a12bcf6fa2d88904