UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Kubernetes etcd must have file permissions set to 644 or more restrictive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-242459 CNTR-K8-003260 SV-242459r918200_rule Medium
Description
The Kubernetes etcd key-value store provides a way to store data to the Control Plane. If these files can be changed, data to API object and Control Plane would be compromised.
STIG Date
Kubernetes Security Technical Implementation Guide 2023-08-29

Details

Check Text ( C-45734r918198_chk )
Review the permissions of the Kubernetes etcd by using the command:

ls -AR /var/lib/etcd/*

If any of the files have permissions more permissive than "644", this is a finding.
Fix Text (F-45692r918199_fix)
Change the permissions of the manifest files to "644" by executing the command:

chmod -R 644 /var/lib/etcd/*