Verify User Who Owns The Etcd Write-Ahead-Log Files

An XCCDF Rule

Description

To properly set the owner of /var/lib/etcd/member/wal/*, run the command:

$ sudo chown root /var/lib/etcd/member/wal/* 

Dependency Warning

This rule is only applicable for nodes that run the Etcd service. The aforementioned service is only running on the nodes labeled "master" by default.
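
To audit the current state before or after running the chown command above, the following added example (not part of the rule's own content) lists entries under the WAL directory whose owner is not root, and treats a missing directory as "not applicable" in line with the dependency warning. It assumes GNU stat; the function name check_wal_owner and its return codes are illustrative.

```shell
#!/bin/sh
# Added example: audit the owner of etcd write-ahead-log files.
# Assumes GNU coreutils stat (-c '%u' prints the numeric owner UID).
#
# check_wal_owner DIR [UID]
#   Prints one FAIL line per entry under DIR whose owner UID differs
#   from UID (default 0, i.e. root).
#   return 0: every entry is owned by UID (or DIR is empty)
#   return 1: at least one entry has a different owner
#   return 2: DIR does not exist, rule not applicable on this node
check_wal_owner() {
    _dir=$1
    _want=${2:-0}
    _rc=0
    if [ ! -d "$_dir" ]; then
        echo "NOTAPPLICABLE: $_dir not found (node does not run etcd?)" >&2
        return 2
    fi
    for _f in "$_dir"/*; do
        # An unmatched glob stays literal; skip it so an empty dir passes.
        [ -e "$_f" ] || continue
        _uid=$(stat -c '%u' -- "$_f") || { _rc=1; continue; }
        if [ "$_uid" != "$_want" ]; then
            echo "FAIL: $_f owned by uid $_uid, expected $_want"
            _rc=1
        fi
    done
    return "$_rc"
}

# When called with arguments, audit that directory, e.g. on a master node:
#   sh check_wal_owner.sh /var/lib/etcd/member/wal
if [ "$#" -gt 0 ]; then
    check_wal_owner "$@"
fi
```

A return code of 1 means the chown command from the rule still needs to be applied to the listed files.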

Rationale

etcd is a highly-available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. This data directory should be protected from any unauthorized reads or writes.

ID
xccdf_org.ssgproject.content_rule_file_owner_etcd_data_files
Severity
Medium