STIGQter STIGQter: STIG Summary: Kubernetes Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Kubernetes kubelet service must have file permissions set to 644 or more restrictive.

DISA Rule

SV-242455r712721_rule

Vulnerability Number

V-242455

Group Title

SRG-APP-000516-CTR-001325

Rule Version

CNTR-K8-003220

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the permissions of Kubeadm to "644" by executing the command:

chown 644 /usr/bin/kubeadm

Check Contents

Review the permissions of the Kubernetes kubelet by using the command:

stat -c %a /usr/bin/kubeadm

If any of the files have permissions more permissive than "644", this is a finding.

Vulnerability Number

V-242455

Documentable

False

Rule Version

CNTR-K8-003220

Severity Override Guidance

Review the permissions of the Kubernetes kubelet by using the command:

stat -c %a /usr/bin/kubeadm

If any of the files have permissions more permissive than "644", this is a finding.

Check Content Reference

M

Target Key

5376

Comments