Kubernetes Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Kubernetes etcd must have file permissions set to 644 or more restrictive.
<VulnDiscussion>The Kubernetes etcd key-value store provides a way to store data to the Control Plane. If these files can be changed, data to...Rule Medium Severity -
SRG-APP-000516-CTR-001335
<GroupDescription></GroupDescription>Group -
The Kubernetes admin kubeconfig must have file permissions set to 644 or more restrictive.
<VulnDiscussion>The Kubernetes admin kubeconfig files contain the arguments and settings for the Control Plane services. These services are c...Rule Medium Severity -
SRG-APP-000516-CTR-001335
<GroupDescription></GroupDescription>Group -
SRG-APP-000190-CTR-000500
<GroupDescription></GroupDescription>Group -
SRG-APP-000014-CTR-000035
<GroupDescription></GroupDescription>Group -
The Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
<VulnDiscussion>The Kubernetes Scheduler will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communica...Rule Medium Severity -
SRG-APP-000014-CTR-000040
<GroupDescription></GroupDescription>Group -
The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
<VulnDiscussion>The Kubernetes API Server will prohibit the use of SSL and unauthorized versions of TLS protocols to properly secure communic...Rule Medium Severity -
SRG-APP-000014-CTR-000035
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.