If the kubelet `config.yaml` configuration file is being used, validate that file ownership is set to `root:root`.
Note: to enable this control run Kubescape with host sensor (see here)
The kubelet reads various parameters, including security settings, from a config file specified by the `--config` argument. If this file is specified, you should restrict its file permissions to maintain the integrity of the file. The file should be owned by `root:root`.
Ensure that if the kubelet refers to a configuration file with the `--config` argument, that file is owned by `root:root`.
Run the below command (based on the file location on your system) on each worker node. For example,
```
stat -c %U:%G /var/lib/kubelet/config.yaml
```
Verify that the ownership is set to `root:root`.
Run the following command (using the config file location identified in the Audit step)
```
chown root:root /var/lib/kubelet/config.yaml
```
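The audit step above can be scripted so that it checks whichever file the running kubelet was actually started with, rather than a hard-coded path. This is an added example, not part of Kubescape or the benchmark text; the function names are hypothetical, and it assumes a Linux node with `/proc`, `pgrep`, and a `stat` that supports `-c` (GNU or BusyBox).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Kubescape or kubelet code.
DEFAULT_CONFIG=/var/lib/kubelet/config.yaml   # kubeadm location named on this page

# Print the --config value from a kubelet command line ("--config=PATH" or
# "--config PATH"). Paths containing whitespace are not handled.
config_from_cmdline() {
    prev=""
    for arg in $1; do
        case "$arg" in
            --config=*) printf '%s\n' "${arg#--config=}"; return 0 ;;
        esac
        if [ "$prev" = "--config" ]; then
            printf '%s\n' "$arg"; return 0
        fi
        prev=$arg
    done
    return 1
}

# Return 0 if FILE is owned by EXPECTED (default 0:0, i.e. root:root),
# 1 on mismatch, 2 if the file cannot be inspected. Numeric ids are compared
# so the result does not depend on passwd/group name resolution; -L checks
# the symlink target, which is what the kubelet actually reads.
check_owner() {
    file=$1
    expected=${2:-0:0}
    actual=$(stat -L -c '%u:%g' -- "$file" 2>/dev/null) || {
        echo "ERROR cannot stat $file" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "PASS $file owner=$actual"
    else
        echo "FAIL $file owner=$actual expected=$expected"; return 1
    fi
}

# Audit the config file the running kubelet was started with, falling back
# to DEFAULT_CONFIG when no --config flag (or no kubelet process) is found.
audit_kubelet_config() {
    cfg=""
    pid=$(pgrep -x kubelet | head -n 1)
    if [ -n "$pid" ]; then
        cfg=$(config_from_cmdline "$(tr '\0' ' ' < "/proc/$pid/cmdline")") || cfg=""
    fi
    check_owner "${cfg:-$DEFAULT_CONFIG}"
}
```

Source the file and call `audit_kubelet_config` on each worker node; a non-zero exit status means the file is not owned by `root:root` or could not be inspected.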
`/var/lib/kubelet/config.yaml` file as set up by `kubeadm` is owned by