The OpenShift etcd Data Directory Must Have Mode 0700

An XCCDF Rule

Description

To properly set the permissions of /var/lib/etcd, run the command:

$ sudo chmod 0700 /var/lib/etcd
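An audit to run before or after the chmod above, as an added example that is not part of the rule content or the project's own check. The function names are hypothetical, it assumes GNU `stat` (`stat -c`), and it treats a mode that grants nothing beyond 0700 as compliant, which is an assumption about how strictly to read the rule.

```shell
#!/bin/sh
# Added example: audit a directory against the rule's 0700 requirement.
# mode_extra_bits and check_etcd_dir are hypothetical helper names.

# Print, in octal, the permission bits of $1 that fall outside mask $2.
# Prints 0 when nothing extra is set. Returns 2 if $1 is not a real directory.
mode_extra_bits() {
    path=$1
    allowed=${2:-0700}
    # A symlink or a regular file at this path is itself a finding,
    # so refuse to evaluate it as if it were the data directory.
    if [ -L "$path" ] || [ ! -d "$path" ]; then
        return 2
    fi
    mode=$(stat -c '%a' "$path") || return 2
    # The leading 0 makes shell arithmetic read both values as octal.
    # 07777 keeps setuid, setgid and sticky bits in the comparison.
    printf '%o\n' $(( 0$mode & ~0$allowed & 07777 ))
}

# Report PASS/FAIL for the etcd data directory (default /var/lib/etcd).
# Exit status: 0 compliant, 1 extra bits present, 2 path is not a directory.
check_etcd_dir() {
    dir=${1:-/var/lib/etcd}
    extra=$(mode_extra_bits "$dir" 0700) || {
        echo "FAIL: $dir is missing, a symlink, or not a directory"
        return 2
    }
    if [ "$extra" = "0" ]; then
        echo "PASS: $dir grants nothing beyond 0700"
        return 0
    fi
    echo "FAIL: $dir has extra permission bits $extra; fix with: chmod 0700 $dir"
    return 1
}

# Usage on a node: check_etcd_dir /var/lib/etcd
```

The octal value in a FAIL line shows exactly which bits the chmod will remove, for example `55` for a directory left at 0755.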

Rationale

The /var/lib/etcd directory holds the highly available, distributed key/value data store used across an OpenShift cluster. Allowing users access to this directory could compromise OpenShift data and the cluster.

ID
xccdf_org.ssgproject.content_rule_file_permissions_var_lib_etcd
Severity
Medium