N/A
Source: Kube Bench
ID: 1.1
Version: gke-1.0

1.1 Master Node Configuration Files

1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.2 Ensure that the API server pod specification file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.5 Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.8 Ensure that the etcd pod specification file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.10 Ensure that the Container Network Interface file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Not Scored)

This control cannot be modified in GKE.

1.1.13 Ensure that the admin.conf file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.14 Ensure that the admin.conf file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Not Scored)

This control cannot be modified in GKE.