Profile applicability: Level 1 - Master Node
Ensure that the
admin.conf file (and super-admin.conf file, where it exists) have permissions of 600.As part of initial cluster setup, default kubeconfig files are created to be used
by the administrator of the cluster. These files contain private keys and certificates
which allow for privileged access to the cluster. You should restrict their file permissions
to maintain the integrity and confidentiality of the file(s). The file(s) should be
readable and writable by only the administrators on the system.
 |
NoteBy default,
admin.conf and super-admin.conf have permissions of 600. |
Audit
Run the following command (based on the file location on your system) on the Control
Plane node.
stat -c %a /etc/kubernetes/admin.conf
On Kubernetes version 1.29 and higher run the following command as well.
stat -c %a /etc/kubernetes/super-admin.conf
Verify that the permissions are 600 or more restrictive.
Remediation
Run the below command (based on the file location on your system) on the Control Plane
node.
chmod 600 /etc/kubernetes/admin.conf
On Kubernetes 1.29+ the
super-admin.conf file should also be modified, if present.chmod 600 /etc/kubernetes/super-admin.conf