With the latest release of kube-bench, we have found that the assessment of file permissions for the kubelet configuration file is considered a failure, whereas in earlier versions it was marked as just a warning.
Although /var/lib/kubelet/config.yaml currently has 644 permissions, /var/lib/kubelet has 700.
So the "effective" permissions for /var/lib/kubelet/config.yaml are 700 & 644 = 600.
In particular, no user apart from root can read the file.
Still, with the latest release of kube-bench, despite having restrictive permissions, it is getting marked as FAILURE.
How did you run kube-bench?
We downloaded the latest kube-bench Debian package and installed it on the control plane and worker nodes using the command below.
sudo dpkg -i kube-bench_0.7.2_linux_amd64.deb
Then we ran the scan using the command below.
sudo kube-bench
What happened?
kube-bench identifier 4.1.9 marked as FAIL
What did you expect to happen:
kube-bench identifier 4.1.9 should be marked as PASS
Environment
kube-bench version 0.7.2
kubectl version
Client Version: v1.29.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.1
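An added example, not part of the original issue and not kube-bench code: a shell sketch that separates the two views discussed in the report, the file's own mode bits compared against a maximum such as 600, and whether the parent directories let other users reach the file at all. Function names are hypothetical; it assumes GNU `stat` and `readlink`, and ignores ACLs and group access.

```shell
#!/usr/bin/env bash
# Added illustration; function names are hypothetical, not kube-bench code.
# Assumes GNU coreutils (stat -c, readlink -f); ignores ACLs and group access.

# mode_at_most FILE MAX: succeed if FILE sets no permission bit outside MAX.
mode_at_most() {
  local mode
  mode=$(stat -c '%a' "$1") || return 2
  [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
}

# reachable_by_others FILE: succeed only if FILE has o+r and every directory
# on the way up to / has o+x, i.e. an unrelated user could open it for reading.
reachable_by_others() {
  local path dir mode
  path=$(readlink -f "$1") || return 2
  mode=$(stat -c '%a' "$path") || return 2
  [ $(( 0$mode & 04 )) -ne 0 ] || return 1
  dir=$(dirname "$path")
  while :; do
    mode=$(stat -c '%a' "$dir") || return 2
    [ $(( 0$mode & 01 )) -ne 0 ] || return 1
    [ "$dir" = "/" ] && break
    dir=$(dirname "$dir")
  done
  return 0
}

# report FILE [MAX]: print both views side by side (MAX defaults to 600).
report() {
  local max=${2:-600}
  printf '%s mode=%s\n' "$1" "$(stat -c '%a' "$1")"
  if mode_at_most "$1" "$max"; then
    echo "  own mode bits: within $max"
  else
    echo "  own mode bits: broader than $max"
  fi
  if reachable_by_others "$1"; then
    echo "  path: readable by other users"
  else
    echo "  path: other users blocked by the file or a parent directory"
  fi
}

# Usage: ./permcheck.sh /var/lib/kubelet/config.yaml
if [ $# -gt 0 ]; then report "$@"; fi
```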