C-0112 - Ensure that the Kubernetes PKI key file permissions are set to 600
Prerequisites
Run Kubescape with host sensor (see here)
Framework
cis-v1.23-t1.0.1
Severity
High
Description of the the issue
Kubernetes makes use of a number of key files as part of the operation of its components. The permissions on these files should be set to 600
to protect their integrity and confidentiality.
Related resources
What does this control test
Ensure that Kubernetes PKI key files have permissions of 600
.
How to check it manually
Run the below command (based on the file location on your system) on the Control Plane node. For example,
ls -laR /etc/kubernetes/pki/*.key
Verify that the permissions are 600
.
Remediation
Run the below command (based on the file location on your system) on the Control Plane node. For example,
chmod -R 600 /etc/kubernetes/pki/*.key
Impact Statement
None
Default Value
By default, the keys used by Kubernetes are set to have permissions of 600
Example
No example
Updated 11 days ago