C-0109 - Ensure that the controller-manager.conf file ownership is set to root:root

Prerequisites

Run Kubescape with host sensor (see here)

Framework

cis-v1.23-t1.0.1

Severity

Medium

Description of the the issue

The controller-manager.conf file is the kubeconfig file for the Controller Manager. You should set its file ownership to maintain the integrity of the file. The file should be owned by root:root.

Related resources

What does this control test

Ensure that the controller-manager.conf file ownership is set to root:root.

How to check it manually

Run the below command (based on the file location on your system) on the Control Plane node. For example,

stat -c %U:%G /etc/kubernetes/controller-manager.conf

Verify that the ownership is set to root:root.

Remediation

Run the below command (based on the file location on your system) on the Control Plane node. For example,

chown root:root /etc/kubernetes/controller-manager.conf

Impact Statement

None

Default Value

By default, controller-manager.conf file ownership is set to root:root.

Example

No example