Ensure that the etcd data directory permissions are set to 700 or more restrictive
| Property | |
|---|---|
| Language | |
| Severity | |
Description
The etcd data directory is configured with overly permissive permissions, allowing access to users other than the owner. This increases the risk of unauthorized read or write access to sensitive cluster data.
Impact
If exploited, unauthorized users on the host could access or modify etcd data, potentially leading to compromise of Kubernetes secrets, cluster configuration, or denial of service, undermining the entire cluster’s security.
Resolution
Change the permissions of the etcd data directory /var/lib/etcd to 700 or more restrictive.
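
The check and fix described above, as an added shell example that is not from the original page. It tests the permission bits rather than comparing numbers, since a mode such as 077 is numerically below 700 yet open to group and other. It assumes GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory against "700 or more restrictive".
# Function names are hypothetical; /var/lib/etcd is the path named on this page.

# mode_is_700_or_stricter MODE
# MODE is the octal string printed by `stat -c %a` (e.g. 755, 700, 2750).
# Succeeds only when no group or other permission bit is set.
# Setuid/setgid/sticky digits are ignored; only the rwx bits are judged.
mode_is_700_or_stricter() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# audit_dir DIR -> 0 = compliant, 1 = too permissive, 2 = cannot check
audit_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    mode=$(stat -c '%a' "$dir") || return 2   # GNU stat syntax (assumption)
    if mode_is_700_or_stricter "$mode"; then
        echo "PASS $dir mode=$mode"
    else
        echo "FAIL $dir mode=$mode"
        return 1
    fi
}

# enforce_dir DIR -> change the mode only when the audit fails, then re-check
enforce_dir() {
    audit_dir "$1" && return 0
    [ -d "$1" ] || return 2
    chmod 700 "$1" && audit_dir "$1"
}

# When a path is given on the command line, audit it (read-only).
# Example: sh check_etcd_perms.sh /var/lib/etcd
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

To remediate rather than only report, call `enforce_dir /var/lib/etcd` as a user allowed to change the directory's mode.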