
Verify Group Who Owns The Etcd Write-Ahead-Log Files

An XCCDF Rule

Description

To properly set the group owner of /var/lib/etcd/member/wal/*, run the command:

$ sudo chgrp root /var/lib/etcd/member/wal/*
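The one-line remediation above only touches the non-hidden top-level entries that the shell glob expands to. The following is an added example, not the rule's own OVAL check or remediation script from the ComplianceAsCode project: a small POSIX shell check that walks the WAL directory recursively (dotfiles included), reports every file whose group is not the expected one, and a matching fix. It assumes a `stat` that accepts `-c %G` (GNU coreutils or busybox); the directory and group are passed as arguments so the same logic can be tried on a scratch directory without root.

```shell
#!/bin/sh
# Added example (not the rule's own check): verify and fix the group owner of
# every regular file below an etcd WAL directory.
# Assumptions: GNU/busybox `stat -c %G`, POSIX `find`.

# check_wal_group_owner DIR GROUP
#   Prints one FAIL line per regular file under DIR whose group is not GROUP.
#   Returns 0 when every file complies, 1 on any mismatch, 2 if DIR is missing.
check_wal_group_owner() {
    dir="$1"
    group="$2"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    bad=0
    # WAL file names (e.g. 0000000000000000-0000000000000000.wal) never contain
    # whitespace, so a newline-delimited list from find is safe here.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        actual=$(stat -c %G "$f")
        if [ "$actual" != "$group" ]; then
            echo "FAIL $f: group '$actual', expected '$group'"
            bad=1
        fi
    done <<EOF
$(find "$dir" -type f)
EOF
    return "$bad"
}

# fix_wal_group_owner DIR GROUP
#   Changes the group of every regular file under DIR that is not already
#   owned by GROUP. Requires root for files you do not own.
fix_wal_group_owner() {
    find "$1" -type f ! -group "$2" -exec chgrp "$2" {} +
}

# Usage on an etcd node (as root): report first, fix only when needed.
if [ -d /var/lib/etcd/member/wal ]; then
    check_wal_group_owner /var/lib/etcd/member/wal root \
        || fix_wal_group_owner /var/lib/etcd/member/wal root
fi
```

Run the check before the fix so the compliance report records what was wrong; `find ! -group` performs the change only on files that actually need it, which keeps the remediation idempotent.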

Dependency Warning

This rule applies only to nodes that run the etcd service. By default, etcd runs only on the nodes labelled "master".

Rationale

etcd is a highly-available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects, including Secrets. The write-ahead log holds the raw log entries for that data, so the data directory should be protected from any unauthorized reads or writes; setting the group owner to root ensures that no other group can be granted access through the group permission bits.

ID
xccdf_org.ssgproject.content_rule_file_groupowner_etcd_data_files
Severity
Medium