UCF STIG Viewer Logo

The Kubernetes etcd must have file permissions set to 644 or more restrictive.


Finding ID Version Rule ID IA Controls Severity
V-242459 CNTR-K8-003260 SV-242459r864024_rule Medium
The Kubernetes etcd key-value store provides a way to store data to the Control Plane. If these files can be changed, data to API object and Control Plane would be compromised.
Kubernetes Security Technical Implementation Guide 2022-12-02


Check Text ( C-45734r712731_chk )
Review the permissions of the Kubernetes etcd by using the command:

stat -c %a /var/lib/etcd/*

If any of the files are have permissions more permissive than "644", this is a finding.
Fix Text (F-45692r712732_fix)
Change the permissions of the manifest files to "644" by executing the command:

chmod 644/var/lib/etcd/*