Profile Applicability:

  • Level 1

Description:
 The azure.json file contains configuration details for accessing and managing Azure resources from a Kubernetes cluster. It is essential to set the correct file permissions to prevent unauthorized access to sensitive information, such as credentials and configuration settings.

Rationale:
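 Setting file permissions to 644 or more restrictive ensures that only the file owner can modify the azure.json file. Mode 644 still leaves the file readable by group and other users, so where read access to the credentials must also be limited, use a more restrictive mode. This is a security best practice to prevent unauthorized access to the Azure configuration and protect sensitive credentials.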

Impact:

  • Pros:

    • Prevents unauthorized access to the Azure configuration file.

    • Enhances security by restricting access to sensitive configuration data.

  • Cons:

    • Requires additional access control management to ensure authorized users can still read and update the file when necessary.

Default Value:
 The default permissions for azure.json can vary, but the file should be configured with restrictive permissions by default for security purposes.

Pre-requisites:
 Ensure that the azure.json file exists and is accessible, and that you have the necessary permissions to modify its file attributes.

Remediation

Test Plan:

Using Azure Console:

  1. Use the system’s file management interface to navigate to the azure.json file.

  2. Verify the file permissions to ensure they are set to 644 or more restrictive.

Using Azure CLI:

  1. Use the following command to check the permissions of the azure.json file:

     ls -l /etc/kubernetes/azure.json

  2. Ensure that the file permissions are set to 644 or more restrictive.

Implementation Plan:

Using Azure Console:

  1. Navigate to the location of the azure.json file.

  2. Modify the file permissions to 644 or more restrictive using the file management interface.

Using Azure CLI:

  1. Update the file permissions for the azure.json file:

     chmod 644 /etc/kubernetes/azure.json

Backout Plan:

Using Azure Console:

  1. If modifying the file permissions causes issues, revert to the original permissions using the file management interface.

Using Azure CLI:

  1. Revert the permissions to the previous state using the following command:

     chmod <previous-permissions> /etc/kubernetes/azure.json
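
The check, change and backout steps above combined into one script; this is an added example, not part of the benchmark text. It reads "644 or more restrictive" as "no permission bit set outside 0644" and assumes GNU stat; the saved-mode path and the AZURE_JSON and SAVED_MODE variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the benchmark). Assumes GNU stat (stat -c '%a').
FILE=${AZURE_JSON:-/etc/kubernetes/azure.json}   # path used on the page
SAVED=${SAVED_MODE:-/root/azure.json.mode}       # hypothetical backout record

# Succeeds when octal mode $1 grants nothing beyond 0644 (rw-r--r--).
mode_ok() {
    [ $(( 0$1 & ~0644 & 07777 )) -eq 0 ]
}

# Prints the file's mode in octal, e.g. 644.
get_mode() { stat -c '%a' "$1"; }

# Prints PASS/FAIL with the observed mode; returns 0 only on PASS.
audit_file() {
    m=$(get_mode "$1") || return 2
    if mode_ok "$m"; then echo "PASS $1 mode=$m"; return 0; fi
    echo "FAIL $1 mode=$m"; return 1
}

# Records the current mode in $2, then applies the page's chmod 644.
# A file that is already compliant (for example 600) is left untouched.
remediate_file() {
    m=$(get_mode "$1") || return 2
    if mode_ok "$m"; then return 0; fi
    printf '%s\n' "$m" > "$2" && chmod 644 "$1"
}

# Backout: restores the mode recorded by remediate_file.
backout_file() {
    [ -s "$2" ] || { echo "no saved mode in $2" >&2; return 1; }
    chmod "$(cat "$2")" "$1"
}

# Usage: script.sh audit | remediate | backout
case "${1:-}" in
    audit)     audit_file "$FILE" ;;
    remediate) remediate_file "$FILE" "$SAVED" ;;
    backout)   backout_file "$FILE" "$SAVED" ;;
esac
```

The bitmask test fails modes such as 664 and 755 and passes 640, 600 and 400, which a plain numeric comparison against 644 would not do reliably.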
