
Kubernetes Controller Manager must disable profiling.


Overview

Finding ID: V-242409
Version: CNTR-K8-000910
Rule ID: SV-242409r712583_rule
IA Controls: none listed
Severity: Medium
Description
Kubernetes profiling provides the ability to analyze and troubleshoot Controller Manager events over a web interface on a host port. Enabling this service can expose details about the Kubernetes architecture. This service must not be enabled unless deemed necessary.
STIG: Kubernetes Security Technical Implementation Guide
Date: 2021-04-14

Details

Check Text (C-45684r712581_chk)
Change to the /etc/kubernetes/manifests/ directory on the Kubernetes Master Node. Run the command:

grep -i profiling *

If the setting "profiling" is not configured in the Kubernetes Controller Manager manifest file or it is set to "True", this is a finding.
Fix Text (F-45642r712582_fix)
Edit the Kubernetes Controller Manager manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Master Node. Set the value of the "--profiling" argument to "false".
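
The check above can be scripted so that the three outcomes (not configured, enabled, disabled) are decided mechanically instead of read off grep output. The following is an added example, not part of the STIG text; the function names are hypothetical and the sample manifests are constructed. It goes slightly beyond the plain grep by ignoring commented-out lines and by treating a bare "--profiling" flag as enabled.

```shell
#!/bin/sh
# Added example, not STIG text. Sample manifests below are constructed.

# Echo the --profiling value found in a manifest: "unset", "true", or the
# literal value given (lowercased). Comment lines are ignored; if the flag
# appears more than once, the last occurrence is reported.
profiling_status() {
    flag=$(grep -v '^[[:space:]]*#' "$1" \
        | grep -Eio -- '--profiling(=[A-Za-z0-9]*)?' | tail -n 1)
    case "$flag" in
        "")  echo unset ;;
        *=*) echo "${flag#*=}" | tr '[:upper:]' '[:lower:]' ;;
        *)   echo true ;;  # bare boolean flag is equivalent to =true
    esac
}

# Exit 0 when the manifest is a finding per the check text:
# profiling is not configured, or is set to anything other than false.
is_finding() {
    [ "$(profiling_status "$1")" != "false" ]
}

# Write a constructed, minimal static pod manifest with one extra line ($2).
write_sample() {
    cat > "$1" <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
spec:
  containers:
  - name: kube-controller-manager
    command:
    - kube-controller-manager
    $2
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/unset.yaml"     "- --leader-elect=true"
write_sample "$tmp/enabled.yaml"   "- --profiling=True"
write_sample "$tmp/commented.yaml" "# - --profiling=false"
write_sample "$tmp/disabled.yaml"  "- --profiling=false"
for f in "$tmp"/*.yaml; do
    if is_finding "$f"; then result="FINDING"; else result="not a finding"; fi
    printf '%-16s profiling=%-6s %s\n' "${f##*/}" "$(profiling_status "$f")" "$result"
done
rm -rf "$tmp"
```

On a control plane node, pass is_finding the Controller Manager manifest under /etc/kubernetes/manifests/ (kube-controller-manager.yaml on kubeadm-built clusters).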