Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Compliance > Kubernetes > CIS - RedHat 1.0 > Worker Node Security Configuration >

Worker Node Configuration Files

N/A
Source
Kube Bench
ID
4.1
Version
rh-1.0

4.1 Worker Node Configuration Files

4.1.1 Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated)

By default, the kubelet service file has permissions of 644.

4.1.2 Ensure that the kubelet service file ownership is set to root:root (Automated)

By default, the kubelet service file has ownership of root:root.

4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual)

None needed.

4.1.4 Ensure that the proxy kubeconfig file ownership is set to root:root (Manual)

None required. The configuration is managed by OpenShift operators.

4.1.5 Ensure that the –kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Manual)

None required.

4.1.6 Ensure that the –kubeconfig kubelet.conf file ownership is set to root:root (Manual)

None required.

4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Automated)

None required.

4.1.8 Ensure that the client certificate authorities file ownership is set to root:root (Automated)

None required.

4.1.9 Ensure that the kubelet –config configuration file has permissions set to 644 or more restrictive (Automated)

None required.

4.1.10 Ensure that the kubelet configuration file ownership is set to root:root (Automated)

None required.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use