C-0168 - Ensure that the certificate authorities file permissions are set to 600 or more restrictive
Prerequisites
Run Kubescape with host sensor (see here)
Framework
cis-v1.23-t1.0.1
Severity
High
Description of the the issue
The certificate authorities file controls the authorities used to validate API requests. You should restrict its file permissions to maintain the integrity of the file. The file should be writable by only the administrators on the system.
Related resources
What does this control test
Ensure that the certificate authorities file has permissions of 600
or more restrictive.
How to check it manually
Run the following command:
ps -ef | grep kubelet
Find the file specified by the --client-ca-file
argument.
Run the following command:
stat -c %a <filename>
Verify that the permissions are 644
or more restrictive.
Remediation
Run the following command to modify the file permissions of the --client-ca-file
chmod 600 <filename>
Impact Statement
None
Default Value
By default no --client-ca-file
is specified.
Example
No example
Updated 11 days ago