Kubernetes Pod Logs Must Be Owned By Root

Description

All logs must be owned by root user and group. By default, the path for the Kubernetes audit log is

/var/log/kube-apiserver/

. To properly set the owner of /var/log/pods/*, run the command:

$ sudo chown root /var/log/pods/*

Rationale

Pod log files may contain sensitive information such as application data, user credentials, or system configurations. Unauthorized access to these log files can expose sensitive data to malicious actors. By setting owner permissions, OpenShift ensures that only authorized users or processes with the necessary privileges can access the pod log files, preserving the confidentiality of the logged information.

ID: xccdf_org.ssgproject.content_rule_file_owner_pod_logs
Severity: Medium
References: SRG-APP-000118-CTR-000240

CCE-88588-9
Updated: about 1 year ago