Ensure that the scheduler config file permissions are set to 600 or more restrictive
Description
The Kubernetes scheduler configuration file (/etc/kubernetes/scheduler.conf) has permissions that are too permissive, allowing unauthorized users to read, modify, or overwrite the file. This exposes sensitive scheduler credentials and settings to accounts other than the file's owner.
Impact
If exploited, unauthorized users could gain access to or alter the Kubernetes scheduler’s configuration, potentially compromising cluster operations, escalating privileges, or disrupting services. This could lead to cluster-wide security breaches or outages.
Resolution
Change the permissions of the scheduler config file /etc/kubernetes/scheduler.conf to 600 or more restrictive.
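One way to audit and apply this resolution on a control plane node, as an added example (not code from this rule or its scanner). The function names are hypothetical, and GNU coreutils `stat -c` is assumed. The fix removes bits instead of running `chmod 600`, so a file already at 400 is not widened.

```shell
#!/bin/sh
# Added example: audit and tighten a file to "600 or more restrictive".
# Assumption: GNU coreutils stat (stat -c), as found on Linux control plane nodes.
SCHEDULER_CONF="${SCHEDULER_CONF:-/etc/kubernetes/scheduler.conf}"

# mode_ok MODE: succeed if the octal MODE sets no bit outside 0600
# (600, 400, 200 and 0 pass; 640, 644, 700 and 4600 fail).
mode_ok() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;   # not an octal mode string
    esac
    [ $(( 0$1 & ~0600 & 07777 )) -eq 0 ]
}

# file_mode PATH: print the file's permission bits in octal.
file_mode() {
    stat -c '%a' -- "$1"
}

# audit_file PATH: print PASS or FAIL with the current mode.
# Returns 0 on pass, 1 on fail, 2 if the file cannot be inspected.
audit_file() {
    mode=$(file_mode "$1") || return 2
    if mode_ok "$mode"; then
        echo "PASS $1 mode=$mode"
    else
        echo "FAIL $1 mode=$mode (want 600 or more restrictive)"
        return 1
    fi
}

# tighten_file PATH: strip every bit outside 0600 without adding any,
# so a file already at 400 stays at 400 instead of being widened to 600.
tighten_file() {
    chmod go-rwx,a-xst -- "$1"
}

# Act on the real file only when it exists (that is, on a control plane node).
if [ -e "$SCHEDULER_CONF" ]; then
    audit_file "$SCHEDULER_CONF" ||
        { tighten_file "$SCHEDULER_CONF" && audit_file "$SCHEDULER_CONF"; }
fi
```

Set `SCHEDULER_CONF` to point the script at a different path, for example a copy of the file used for testing.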