Profile applicability: Level 1 - Master Node
Ensure that the admin.conf file (and super-admin.conf file, where it exists) have permissions of 600.
As part of initial cluster setup, default kubeconfig files are created to be used by the administrator of the cluster. These files contain private keys and certificates which allow for privileged access to the cluster. You should restrict their file permissions to maintain the integrity and confidentiality of the file(s). The file(s) should be readable and writable by only the administrators on the system.
Note: By default, admin.conf and super-admin.conf have permissions of 600.
Audit
Run the following command (based on the file location on your system) on the Control Plane node.
stat -c %a /etc/kubernetes/admin.conf
On Kubernetes version 1.29 and higher run the following command as well.
stat -c %a /etc/kubernetes/super-admin.conf
Verify that the permissions are 600 or more restrictive.
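"600 or more restrictive" is a bit-mask test, not a numeric one: 440 is numerically lower than 600 yet grants group read. The script below is an added example, not part of the benchmark text; the function names mode_ok and audit_kubeconfig are hypothetical, and it assumes GNU stat as used in the audit commands above.

```shell
#!/bin/sh
# Added example: audit kubeconfig modes against "600 or more restrictive".

# mode_ok MODE -> exit 0 when MODE (octal, as printed by `stat -c %a`)
# sets no bit other than owner read (0400) and owner write (0200).
# 07177 is every permission bit except those two, including
# setuid/setgid/sticky, so any overlap means the mode is too permissive.
mode_ok() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;   # not an octal mode string
    esac
    [ $(( 0$1 & 07177 )) -eq 0 ]
}

# audit_kubeconfig FILE... -> prints one result line per file and returns 1
# if any existing file is too permissive. Missing files are skipped, since
# super-admin.conf only exists on Kubernetes 1.29 and higher.
audit_kubeconfig() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "SKIP $f (not present)"
            continue
        fi
        mode=$(stat -c %a "$f") || { rc=1; continue; }
        if mode_ok "$mode"; then
            echo "PASS $f ($mode)"
        else
            echo "FAIL $f ($mode) - remediate with: chmod 600 $f"
            rc=1
        fi
    done
    return "$rc"
}

# Default locations from the audit commands; adjust to your system.
audit_kubeconfig /etc/kubernetes/admin.conf /etc/kubernetes/super-admin.conf
```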
Remediation
Run the below command (based on the file location on your system) on the Control Plane node.
chmod 600 /etc/kubernetes/admin.conf
On Kubernetes 1.29+ the super-admin.conf file should also be modified, if present.
chmod 600 /etc/kubernetes/super-admin.conf