Profile applicability: Level 1 - Master Node
Ensure that the admin.conf (and super-admin.conf file, where it exists) file ownership is set to root:root.

As part of initial cluster setup, default kubeconfig files are created to be used by the administrator of the cluster. These files contain private keys and certificates which allow for privileged access to the cluster. You should set their file ownership to maintain the integrity and confidentiality of the file. The file(s) should be owned by root:root.

Note: By default, admin.conf and super-admin.conf file ownership is set to root:root.
Audit
Run the below command (based on the file location on your system) on the Control Plane node.
stat -c %U:%G /etc/kubernetes/admin.conf
On Kubernetes version 1.29 and higher run the following command as well.
stat -c %U:%G /etc/kubernetes/super-admin.conf
Verify that the ownership is set to root:root.
Remediation
Run the below command (based on the file location on your system) on the Control Plane node.
chown root:root /etc/kubernetes/admin.conf
On Kubernetes 1.29+ the super-admin.conf file should also be modified, if present.
chown root:root /etc/kubernetes/super-admin.conf
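
The audit above as a single check covering both files, including the case where super-admin.conf does not exist. This is an added example, not part of the benchmark text; the names check_owner, audit_kubeconfigs, KUBE_DIR and EXPECTED_OWNER are assumptions made for illustration, and it relies on GNU stat as the audit commands do.

```shell
#!/bin/sh
# Added example: audit kubeconfig ownership as described in the Audit section.
# KUBE_DIR and EXPECTED_OWNER are hypothetical overrides; defaults match the page.
KUBE_DIR="${KUBE_DIR:-/etc/kubernetes}"
EXPECTED_OWNER="${EXPECTED_OWNER:-root:root}"

# check_owner FILE
# Returns 0 if FILE is owned by EXPECTED_OWNER, 1 if it is not,
# and 2 if FILE is absent (super-admin.conf only exists on 1.29+).
check_owner() {
    file="$1"
    if [ ! -e "$file" ]; then
        echo "SKIP $file (not present)"
        return 2
    fi
    # -L follows a symlink so the owner of the real file is reported.
    owner=$(stat -L -c %U:%G "$file") || {
        echo "FAIL $file (stat failed)"
        return 1
    }
    if [ "$owner" = "$EXPECTED_OWNER" ]; then
        echo "PASS $file owner=$owner"
        return 0
    fi
    echo "FAIL $file owner=$owner expected=$EXPECTED_OWNER"
    return 1
}

# audit_kubeconfigs
# Checks admin.conf and super-admin.conf under KUBE_DIR.
# Returns 1 if any file that exists has the wrong owner, otherwise 0.
audit_kubeconfigs() {
    result=0
    for name in admin.conf super-admin.conf; do
        status=0
        check_owner "$KUBE_DIR/$name" || status=$?
        if [ "$status" -eq 1 ]; then
            result=1
        fi
    done
    return "$result"
}
```

Call audit_kubeconfigs on the Control Plane node; a non-zero return means at least one existing file needs the chown from the Remediation section.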