Source: Kube Bench
ID: 4.1
Version: rke-cis-1.23

4.1 Worker Node Configuration Files

4.1.1 Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated)

Clusters provisioned by RKE don’t require or maintain a configuration file for the kubelet service. All configuration is passed in as arguments at container run time.

4.1.2 Ensure that the kubelet service file ownership is set to root:root (Automated)

Clusters provisioned by RKE don’t require or maintain a configuration file for the kubelet service. All configuration is passed in as arguments at container run time.

4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual)

Run the command below (based on the file location on your system) on each worker node. For example: chmod 644 $proxykubeconfig

4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root (Manual)

Run the command below (based on the file location on your system) on each worker node. For example: chown root:root $proxykubeconfig

4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated)

Run the command below (based on the file location on your system) on each worker node. For example: chmod 644 $kubeletkubeconfig

4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated)

Run the command below (based on the file location on your system) on each worker node. For example: chown root:root $kubeletkubeconfig

4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Automated)

Run the following command to modify the file permissions of the --client-ca-file: chmod 644

4.1.8 Ensure that the client certificate authorities file ownership is set to root:root (Automated)

Run the following command to modify the ownership of the --client-ca-file: chown root:root
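
An audit helper for checks 4.1.3 to 4.1.8, added here as an example (it is not part of Kube Bench or RKE). It assumes "644 or more restrictive" means no permission bit is set outside 0644, so 600 and 400 pass while 664, 700 and setuid 4644 fail; the function names are hypothetical and GNU stat is required.

```shell
#!/bin/sh
# Added example: verify mode and ownership before (or after) running chmod/chown.
# Assumption: "more restrictive" = no permission bit set outside the allowed mask.

# mode_within MODE MAX: succeed if octal MODE sets no bit outside octal MAX.
mode_within() {
    _m=$((0$1))          # leading 0 makes the shell parse the value as octal
    _x=$((0$2))
    [ $(( _m & ~_x & 07777 )) -eq 0 ]
}

# check_file PATH MAX_MODE OWNER:GROUP
# Returns 0 on pass or when the file is absent ("if ... exists" checks), 1 on fail.
check_file() {
    path=$1; max=$2; want_owner=$3
    if [ ! -e "$path" ]; then
        echo "SKIP $path (not present)"
        return 0
    fi
    mode=$(stat -L -c %a "$path")        # -L: evaluate the symlink target
    owner=$(stat -L -c %U:%G "$path")
    rc=0
    if ! mode_within "$mode" "$max"; then
        echo "FAIL $path mode $mode is less restrictive than $max"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $path owner $owner, expected $want_owner"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "PASS $path ($mode $owner)"
    fi
    return "$rc"
}

# audit_all FILE...: check every file against 644 and root:root.
audit_all() {
    status=0
    for f in "$@"; do
        check_file "$f" 644 root:root || status=1
    done
    return "$status"
}

# Paths given on the command line are audited; with none, only functions are defined.
if [ "$#" -gt 0 ]; then audit_all "$@"; fi
```

On a worker node, call it with the page's variables, for instance `audit_all "$proxykubeconfig" "$kubeletkubeconfig"`, plus the path passed to --client-ca-file.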

4.1.9 Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive (Automated)

Clusters provisioned by RKE don’t require or maintain a configuration file for the kubelet. All configuration is passed in as arguments at container run time.

4.1.10 Ensure that the kubelet --config configuration file ownership is set to root:root (Automated)

Clusters provisioned by RKE don’t require or maintain a configuration file for the kubelet. All configuration is passed in as arguments at container run time.