
The Kubernetes etcd must have file permissions set to 644 or more restrictive.


Overview

Finding ID: V-242459
Version: CNTR-K8-003260
Rule ID: SV-242459r712733_rule
IA Controls:
Severity: Medium
Description
The Kubernetes etcd key-value store provides a way to store data on the Master Node. If these files can be changed, data belonging to API objects and the master node would be compromised.
STIG Date
Kubernetes Security Technical Implementation Guide 2021-11-22

Details

Check Text ( C-45734r712731_chk )
Review the permissions of the Kubernetes etcd by using the command:

stat -c %a /var/lib/etcd/*

If any of the files have permissions more permissive than "644", this is a finding.
Fix Text (F-45692r712732_fix)
Change the permissions of the manifest files to "644" by executing the command:

chmod 644 /var/lib/etcd/*
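
The check above can be scripted so that each mode is compared bit by bit rather than read by eye; this is an added example, not part of the STIG text. It assumes "more permissive than 644" means any permission bit set outside 0644; `exceeds_644` and `audit_dir` are hypothetical helper names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not STIG text. Assumption: a mode is "more permissive than
# 644" when it sets any bit outside 0644 (execute, group/other write, setuid...).

# exceeds_644 MODE: succeed if octal MODE grants a bit that 0644 does not.
# A plain numeric test (mode > 644) would miss 611 and is not used here.
exceeds_644() {
    [ $(( 0$1 | 0644 )) -ne $(( 0644 )) ]
}

# audit_dir DIR: print "MODE PATH" for each entry directly under DIR that is
# a finding. Returns 1 if there is at least one finding, otherwise 0.
audit_dir() {
    dir=$1
    rc=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue   # glob matched nothing
        mode=$(stat -c %a "$path")   # same stat call as the check text
        if exceeds_644 "$mode"; then
            printf '%s %s\n' "$mode" "$path"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree, so the script runs without a real etcd data dir.
demo=$(mktemp -d)
touch "$demo/ok_644" "$demo/ok_600" "$demo/bad_664" "$demo/bad_611"
chmod 644 "$demo/ok_644"
chmod 600 "$demo/ok_600"
chmod 664 "$demo/bad_664"
chmod 611 "$demo/bad_611"
mkdir -m 700 "$demo/subdir"   # flagged too: owner execute is outside 0644
audit_dir "$demo" || echo "finding: entries listed above exceed 644"
rm -rf "$demo"
```

On a control plane node, call `audit_dir /var/lib/etcd` in place of the constructed tree.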