SV-242398r717019_rule
V-242398
SRG-APP-000033-CTR-000100
CNTR-K8-000450
CAT II
10
Edit any manifest files or kubelet config files that contain the feature-gates setting with DynamicAuditing set to "true". Set the flag to "false" or remove the "DynamicAuditing" setting completely. Restart the kubelet service if the kubelet config file is changed.
On the Master node, change to the manifests directory at /etc/kubernetes/manifests and run the command:
grep -i feature-gates *
Review the feature-gates setting, if one is returned.
If the feature-gates setting is available and contains the DynamicAuditing flag set to "true", this is a finding.
Change to the directory /etc/sysconfig on the Master and each Worker Node and execute the command:
grep -i feature-gates kubelet
Review every feature-gates setting that is returned.
If any feature-gates setting is available and contains the "DynamicAuditing" flag set to "true", this is a finding.
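The two grep reviews above, scripted as an added example that is not part of the STIG text. The function names `find_dynamic_auditing` and `audit_files` and the sample files are assumptions constructed for illustration. It skips commented-out lines and reports only lines where DynamicAuditing is set to true.

```shell
#!/bin/sh
# Added example, not part of the STIG text: scripted form of the manual review.
# It handles the flag form the grep commands return:
#   --feature-gates=Name=bool[,Name=bool...]

# Print "file:line:text" for each feature-gates line that enables DynamicAuditing.
find_dynamic_auditing() {
    for f in "$@"; do
        [ -f "$f" ] || continue            # skip unmatched globs and missing files
        # /dev/null makes grep print the file name even for a single file.
        grep -in 'feature-gates' "$f" /dev/null |
            grep -v '^[^:]*:[0-9]*:[[:space:]]*#' |
            grep -iE '(^|[^[:alnum:]])DynamicAuditing=true([^[:alnum:]]|$)' || true
    done
}

# Report in the STIG's terms; returns 1 when there is a finding.
audit_files() {
    hits=$(find_dynamic_auditing "$@")
    if [ -n "$hits" ]; then
        printf 'FINDING (DynamicAuditing set to true):\n%s\n' "$hits"
        return 1
    fi
    echo 'Not a finding: no feature-gates setting enables DynamicAuditing.'
}

# Constructed sample files (not from a real cluster) to show the behaviour.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kube-apiserver.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --feature-gates=RotateKubeletServerCertificate=true,DynamicAuditing=true
EOF
cat > "$demo_dir/kubelet" <<'EOF'
# KUBELET_EXTRA_ARGS="--feature-gates=DynamicAuditing=true"
KUBELET_EXTRA_ARGS="--feature-gates=DynamicAuditing=false"
EOF
audit_files "$demo_dir"/* || echo "exit status 1: remediate the lines above"

# On a node, the scope from the check text would be:
#   audit_files /etc/kubernetes/manifests/* /etc/sysconfig/kubelet
```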
False
M
5376