CIS-1.1.14 - Ensure that the admin.conf file ownership is set to root:root

Ensure that the admin.conf file ownership is set to root:root

Note: to enable this control run Kubescape with host sensor (see here)

Framework

CIS

Severity

High

Description of the the issue

The admin.conf file contains the admin credentials for the cluster. You should set its file ownership to maintain the integrity and confidentiality of the file. The file should be owned by root:root.

Related resources

What does this control test

Ensure that the admin.conf file ownership is set to root:root.

How to check it manually

Run the below command (based on the file location on your system) on the Control Plane node. For example,

stat -c %U:%G /etc/kubernetes/admin.conf

Verify that the ownership is set to root:root.

Remediation

Run the below command (based on the file location on your system) on the Control Plane node. For example,

chown root:root /etc/kubernetes/admin.conf

Impact Statement

None.

Default Value

By default, admin.conf file ownership is set to root:root.

Example

No example