CNTR-K8-000910 - Kubernetes Controller Manager must disable profiling.

Information

Kubernetes profiling provides the ability to analyze and troubleshoot Controller Manager events over a web interface on a host port. Enabling this service can expose details about the Kubernetes architecture. This service must not be enabled unless deemed necessary.

Solution

Edit the Kubernetes Controller Manager manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Set the value of the '--profiling' argument to 'false'.
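
One way to verify the setting after editing the manifest, as an added example that is not part of the STIG or of the original page. The function names and the sample manifest are constructed for illustration; on a real host, pass the path of the Controller Manager manifest under /etc/kubernetes/manifests.

```sh
#!/bin/sh
# Added example: audit a kube-controller-manager manifest for CNTR-K8-000910.

# profiling_value FILE: print the effective --profiling value, or "unset".
profiling_value() {
    # Drop YAML comment lines, extract every --profiling occurrence, and keep
    # the last one, since a repeated flag is overridden by its later value.
    val=$(grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Eo -- '--profiling(=[A-Za-z0-9]*)?' | tail -n 1)
    case "$val" in
        '')          echo unset ;;
        --profiling) echo true ;;  # bare boolean flag enables profiling
        *)           echo "${val#--profiling=}" ;;
    esac
}

# check_profiling FILE: return 0 only when the manifest sets --profiling=false.
check_profiling() {
    v=$(profiling_value "$1")
    if [ "$v" = "false" ]; then
        echo "PASS: $1 sets --profiling=false"
        return 0
    fi
    # An absent flag is a finding too: profiling is on by default.
    echo "FAIL: $1 has --profiling value '$v'"
    return 1
}

# Constructed sample manifest (not from a real cluster) for an offline run.
write_sample() {
    cat > "$1" <<EOF
spec:
  containers:
  - command:
    - kube-controller-manager
    - --contention-profiling=true
    # - --profiling=true
    - --profiling=$2
    name: kube-controller-manager
EOF
}

# Usage: check_profiling <path to the Controller Manager manifest>
sample=$(mktemp)
write_sample "$sample" false
check_profiling "$sample"
rm -f "$sample"
```

The check treats a missing flag the same as an enabled one, and it does not confuse '--contention-profiling' with '--profiling'.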

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-242409r960963_rule, STIG-ID|CNTR-K8-000910, Vuln-ID|V-242409

Plugin: Unix

Control ID: 2423131e24eb3f5f8003ac69d02a1674213d8be76415798f26f27f085f2ed98d