Rancher RKE2 must remove old components after updated versions have been installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254574 | CNTR-R2-001580 | SV-254574r879825_rule | Medium |
| Description |
|---|
| Previous versions of Rancher RKE2 components that are not removed after updates have been installed may be exploited by adversaries by causing older components to execute which contain vulnerabilities. When these components are deleted, the likelihood of this happening is removed. |
| STIG | Date |
|---|---|
| Rancher Government Solutions RKE2 Security Technical Implementation Guide | 2023-11-30 |
Details
| Check Text ( C-58058r859290_chk ) |
|---|
| To view all pods and the images used to create the pods, from the RKE2 Control Plane, run the following command: kubectl get pods --all-namespaces -o jsonpath="{..image}" | \ tr -s '[[:space:]]' '\n' | \ sort | \ uniq -c Review the images used for pods running within Kubernetes. If there are multiple versions of the same image, this is a finding. |
| Fix Text (F-58007r859291_fix) |
|---|
| Remove any old pods that are using older images. On the RKE2 Control Plane, run the command: kubectl delete pod podname (Note: "podname" is the name of the pod to delete.) Run the command: systemctl restart rke2-server |