Language: terraform
Severity: low

Description

The etcd data directory (/var/lib/etcd) is not owned by the etcd user and group, which allows unauthorized users or processes to access or modify its contents. This misconfiguration undermines the integrity and confidentiality of etcd data.

Impact

If exploited, unauthorized users or processes could read, modify, or delete etcd database files, potentially leading to compromise of sensitive cluster data, disruption of cluster operations, or escalation of privileges within the Kubernetes environment.

Resolution

Change the ownership of the etcd data directory /var/lib/etcd to etcd:etcd.
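An audit-and-fix script for this finding, added here as an example (it is not part of this check's page or of any scanner); it assumes GNU or BSD stat and, for remediation, that the etcd user and group already exist on the node and the script runs as root:

```shell
#!/bin/sh
# Added example (not from the original check page): audit the ownership of
# the etcd data directory against the expected etcd:etcd and, when run as
# root, apply the fix from the Resolution section.

# Print the "user:group" owning PATH. Tries GNU stat first, then BSD stat.
dir_owner() {
  stat -c '%U:%G' "$1" 2>/dev/null && return 0
  stat -f '%Su:%Sg' "$1" 2>/dev/null
}

# audit_etcd_dir PATH [EXPECTED]
# Exit 0 when PATH is a directory owned by EXPECTED (default etcd:etcd),
# 1 when the owner differs, 2 when PATH does not exist.
audit_etcd_dir() {
  dir=$1
  expected=${2:-etcd:etcd}
  if [ ! -d "$dir" ]; then
    echo "MISSING $dir" >&2
    return 2
  fi
  actual=$(dir_owner "$dir")
  if [ "$actual" = "$expected" ]; then
    echo "PASS $dir is owned by $actual"
    return 0
  fi
  echo "FAIL $dir is owned by $actual, expected $expected" >&2
  return 1
}

# remediate_etcd_dir PATH [EXPECTED]
# Changes nothing when the audit already passes; otherwise chowns the
# directory tree to EXPECTED (needs root and an existing etcd account)
# and re-audits so the exit status reflects the final state.
remediate_etcd_dir() {
  audit_etcd_dir "$1" "${2:-etcd:etcd}" && return 0
  [ -d "$1" ] || return 2
  chown -R "${2:-etcd:etcd}" "$1" || return 1
  audit_etcd_dir "$1" "${2:-etcd:etcd}"
}

# Audit the real path only when asked, e.g.:  sudo AUDIT=1 sh etcd_dir_owner.sh
if [ "${AUDIT:-0}" = 1 ]; then
  audit_etcd_dir /var/lib/etcd etcd:etcd
fi
```

Run with AUDIT=1 on each control-plane node to report the current state; call remediate_etcd_dir /var/lib/etcd as root to apply the chown only where the audit fails.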