STIGQter: STIG Summary: Kubernetes Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

Kubernetes Kubelet must deny hostname override.

DISA Rule

SV-242404r712568_rule

Vulnerability Number

V-242404

Group Title

SRG-APP-000133-CTR-000290

Rule Version

CNTR-K8-000850

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Edit the Kubernetes Kubelet file in the /etc/sysconfig directory on the Master and Worker nodes and remove the "--hostname-override" setting. Restart the service after the change is made by running:

service kubelet restart

Check Contents

On the Master and each Worker node, change to the /etc/sysconfig/ directory and run the command:

grep -i hostname-override kubelet
--hostname-override

If any of the nodes have the setting "hostname-override" present, this is a finding.

Vulnerability Number

V-242404

Documentable

False

Rule Version

CNTR-K8-000850

Severity Override Guidance

On the Master and each Worker node, change to the /etc/sysconfig/ directory and run the command:

grep -i hostname-override kubelet
--hostname-override

If any of the nodes have the setting "hostname-override" present, this is a finding.

Check Content Reference

M

Target Key

5376

Comments