
The Kubernetes etcd must have file permissions set to 644 or more restrictive.


Overview

Finding ID: V-242459
Version: CNTR-K8-003260
Rule ID: SV-242459r864024_rule
IA Controls: (none listed)
Severity: Medium
Description
The Kubernetes etcd key-value store provides a way to store data for the Control Plane. If these files can be changed, API object and Control Plane data would be compromised.
STIG: Kubernetes Security Technical Implementation Guide
Date: 2022-12-02

Details

Check Text ( C-45734r712731_chk )
Review the permissions of the Kubernetes etcd by using the command:

stat -c %a /var/lib/etcd/*

If any of the files have permissions more permissive than "644", this is a finding.
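
One way to apply the check above as a bitmask test instead of comparing the printed numbers by eye (an added example, not part of the STIG text): a mode counts as more permissive than 644 when it sets any bit outside rw-r--r--. It goes beyond the check text's glob by recursing into subdirectories and looking at regular files only, since directories need the execute bit to be traversed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not STIG text). Requires GNU stat, as the check text's command does.

# mode_within_644 MODE: succeed if octal MODE sets no bit outside rw-r--r--.
mode_within_644() {
    # ~0644 & 07777 = 07133: owner x, group w/x, other w/x, setuid/setgid/sticky.
    [ $(( 0$1 & ~0644 & 07777 )) -eq 0 ]
}

# audit_etcd_perms [DIR]: print "MODE PATH" for every regular file under DIR
# that is more permissive than 644. Returns 0 if clean, 1 on findings, 2 on error.
audit_etcd_perms() {
    dir=${1:-/var/lib/etcd}   # default path taken from the check text
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        find "$dir" -type f -exec stat -c '%a %n' {} + |
        while read -r mode path; do
            mode_within_644 "$mode" || printf '%s %s\n' "$mode" "$path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Source the file on a control plane node and run `audit_etcd_perms`; a non-zero return with listed paths corresponds to a finding.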
Fix Text (F-45692r712732_fix)
Change the permissions of the manifest files to "644" by executing the command:

chmod 644 /var/lib/etcd/*