Profile Applicability:
Level 1
Description:
The azure.json file contains sensitive information, such as Azure credentials and configurations, required to authenticate and interact with Azure resources. It is crucial to ensure that the ownership of this file is set to root:root to prevent unauthorized modification by non-administrative users.
Rationale:
Proper ownership of the azure.json file ensures that only the root user can modify it, thereby preventing unauthorized access or tampering with the file. This step helps secure the Kubernetes cluster's configuration and protects sensitive Azure credentials.
Impact:
Pros:
Prevents unauthorized access to or modification of critical Azure configuration files.
Ensures the integrity of the azure.json file by restricting access to root users only.
Cons:
May require adjustments for users who need to modify the azure.json file, ensuring they have the appropriate privileges.
Default Value:
The ownership of the azure.json file may vary, but it is generally recommended to have root:root ownership for security purposes.
Pre-requisites:
Ensure that you have the necessary administrative permissions to change the ownership of system files.
Remediation:
Test Plan:
Using Azure Console:
Use the system’s file management interface to navigate to the azure.json file.
Verify the file ownership to ensure it is set to root:root.
Using Azure CLI:
Use the following command to check the ownership of the azure.json file:
ls -l /etc/kubernetes/azure.json
Ensure the owner is root and the group is root.
Implementation Plan:
Using Azure Console:
Navigate to the location of the azure.json file.
Modify the file ownership to root:root using the file management interface.
Using Azure CLI:
Update the file ownership for the azure.json file:
sudo chown root:root /etc/kubernetes/azure.json
Backout Plan:
Using Azure Console:
If the ownership change causes issues, revert to the original ownership using the file management interface.
Using Azure CLI:
Revert the ownership to the previous state using the following command:
sudo chown <previous-owner>:<previous-group> /etc/kubernetes/azure.json
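The test, implementation and backout steps above combined into one script, as an added example that is not part of the benchmark text. It assumes GNU stat on a Linux node and compares numeric IDs, so root:root is 0:0; the function names and the state-file path /var/tmp/azure.json.owner are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit, remediate and back out ownership of azure.json.
# Assumes GNU stat (Linux node). Function names and state path are hypothetical.
FILE_DEFAULT=/etc/kubernetes/azure.json   # path from the page
WANT_DEFAULT=0:0                          # numeric form of root:root

# Print "uid:gid" of a file; numeric IDs avoid name-lookup differences.
owner_of() { stat -c '%u:%g' -- "$1"; }

# Exit status: 0 = compliant, 1 = wrong owner, 2 = file missing.
audit_owner() {
  local file="$1" want="${2:-$WANT_DEFAULT}"
  [ -e "$file" ] || return 2
  [ "$(owner_of "$file")" = "$want" ]
}

# Record the current ownership for backout, then set the wanted one.
remediate_owner() {
  local file="$1" state="$2" want="${3:-$WANT_DEFAULT}"
  owner_of "$file" > "$state" || return 1
  chown "$want" -- "$file"
}

# Restore the ownership recorded by remediate_owner.
backout_owner() {
  local file="$1" state="$2"
  [ -s "$state" ] || return 1
  chown "$(cat "$state")" -- "$file"
}

main() {
  local file="${2:-$FILE_DEFAULT}" state="${3:-/var/tmp/azure.json.owner}"
  case "$1" in
    audit)     audit_owner "$file" ;;
    # Only touch the file (and overwrite the saved state) when it is non-compliant.
    remediate) audit_owner "$file" || remediate_owner "$file" "$state" ;;
    backout)   backout_owner "$file" "$state" ;;
    *)         echo "usage: $0 audit|remediate|backout [file] [state]" >&2; return 64 ;;
  esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as root with audit, remediate or backout as the first argument; remediate saves the previous uid:gid so that backout does not depend on anyone remembering it.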