V-242459: The Kubernetes etcd must have file permissions set to 644 or more restrictive.

CAT II - Medium
CNTR-K8-003260

>Control Description

The Kubernetes etcd key-value store provides a way to store data for the Control Plane. If these files can be changed, data for API objects and the Control Plane would be compromised.

>Check Content

Review the permissions of the Kubernetes etcd by using the command:

ls -AR /var/lib/etcd/*

If any of the files have permissions more permissive than "644", this is a finding.

>Remediation

Change the permissions of the manifest files to "644" by executing the command:

chmod -R 644 /var/lib/etcd/*
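An added example, not part of the STIG text: `ls -AR` prints names without modes, so this POSIX shell audit uses `find` to list regular files under the etcd data directory that carry any permission bit beyond 644. The function names are hypothetical, and the files-only fix is a variant of the `chmod -R 644` command above that leaves directory modes (and their search bit) unchanged.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the STIG.
# Default path is the etcd data directory named on the page.
# Usage (as root on a control plane node): etcd_perm_check /var/lib/etcd

# Print every regular file with a permission bit outside 644 (rw-r--r--):
# owner execute, group write/execute, other write/execute.
# Only POSIX find predicates are used. Special bits (setuid etc.) are not checked.
etcd_perm_findings() {
    dir=${1:-/var/lib/etcd}
    find "$dir" -type f \( -perm -0100 -o -perm -0020 -o -perm -0010 \
        -o -perm -0002 -o -perm -0001 \) -print
}

# Return 0 when compliant, 1 on a finding, 2 when the scan itself failed
# (missing directory, unreadable subtree).
etcd_perm_check() {
    dir=${1:-/var/lib/etcd}
    findings=$(etcd_perm_findings "$dir") || return 2
    if [ -n "$findings" ]; then
        printf 'FINDING: more permissive than 644:\n'
        # Long listing so the offending mode is visible next to the path.
        printf '%s\n' "$findings" | while IFS= read -r f; do ls -ld "$f"; done
        return 1
    fi
    printf 'OK: no regular file under %s exceeds 644\n' "$dir"
}

# Remediate regular files only. Symbolic modes clear just the excess bits,
# so a file already at 600 stays 600 and directories are not touched.
etcd_perm_fix() {
    dir=${1:-/var/lib/etcd}
    find "$dir" -type f -exec chmod u-x,go-wx {} +
}
```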

>CCI References

Control Correlation Identifiers (CCIs) map STIG findings to NIST 800-53 controls.

>Cross-Framework Mappings

NIST SP 800-53 r5

via DISA CCI List
