Compliance > Kubernetes > CIS - RedHat 0.7 > Worker Node Security Configuration >

Configuration Files

N/A

Source

Kube Bench

ID

8

Version

rh-0.7

8 Configuration Files

8.1 Verify the OpenShift default permissions for the kubelet.conf file

Recommended Action

Run the below command on each worker node. chmod 644 /etc/origin/node/node.kubeconfig

8.2 Verify the kubeconfig file ownership of root:root

Recommended Action

8.3 Verify the kubelet service file permissions of 644

Recommended Action

Run the below command on each worker node. chmod 644 $kubeletsvc

8.4 Verify the kubelet service file ownership of root:root

Recommended Action

8.5 Verify the OpenShift default permissions for the proxy kubeconfig file

Recommended Action

Run the below command on each worker node. chmod 644 /etc/origin/node/node.kubeconfig

8.6 Verify the proxy kubeconfig file ownership of root:root

Recommended Action

8.7 Verify the OpenShift default permissions for the certificate authorities file.

Recommended Action

Run the below command on each worker node. chmod 644 /etc/origin/node/client-ca.crt

8.8 Verify the client certificate authorities file ownership of root:root

Recommended Action

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2023 Aqua Security Software Ltd. Privacy Policy | Terms of Use