
The Kubernetes etcd must have file permissions set to 644 or more restrictive.

An XCCDF Rule

Description

The Kubernetes etcd key-value store provides a way to store data for the Control Plane. If these files can be changed, the data for API objects and the Control Plane would be compromised.

ID
SV-242459r961863_rule
Version
CNTR-K8-003260
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Change the permissions of the manifest files to "644" by executing the command:

chmod -R 644 /var/lib/etcd/*
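
To verify the result, the following added example (not part of the STIG text) lists regular files under the etcd data directory whose mode is not "644 or more restrictive". It treats the requirement as a bitmask rather than a numeric comparison, so 600 and 640 pass while 664 and 700 fail. The function names are this example's own, and it assumes GNU find.

```shell
#!/bin/sh
# Added example: audit etcd data files against "644 or more restrictive".
# Function names are hypothetical; /var/lib/etcd is the path used in the
# remediation command above. Assumes GNU find (-perm /mode, -printf).

# Print "<octal mode> <path>" for every regular file under $1 that has
# any permission bit outside 0644 set: owner execute, group or other
# write/execute, or setuid/setgid/sticky.
etcd_noncompliant_files() {
    dir=${1:-/var/lib/etcd}
    # -perm /7133 matches when ANY of the listed bits is set.
    find "$dir" -type f -perm /7133 -printf '%m %p\n' | sort
}

# Return 0 when every file is compliant, 1 when at least one is not,
# 2 when the directory does not exist (nothing could be checked).
etcd_perms_compliant() {
    dir=${1:-/var/lib/etcd}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    bad=$(etcd_noncompliant_files "$dir")
    if [ -n "$bad" ]; then
        echo "Files more permissive than 644:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Usage: etcd_perms_compliant /var/lib/etcd
```

Only regular files are checked; directory modes under the data directory are outside this check.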