Workload misconfigurations

Kubernetes node’s kubelet streaming-connection-idle-timeout is set 0

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • AKS CIS
  • ,
  • CCPA
  • ,
  • CPRA
  • ,
  • EKS CIS
  • ,
  • GKE CIS
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • K8s CIS
  • ,
  • K8s OWASP Top 10
  • ,
  • NIST 800-171
  • ,
  • NIST 800-190
  • ,
  • NIST 800-53
  • ,
  • PDPA
  • ,
  • STIG K8s
  • ,
  • UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. Setting idle timeouts ensures that you are protected against Denial-of-Service attacks, inactive connections and running out of ephemeral ports. Orca has detected that the StreamingConnectionIdleTimeout is set to 0 on {K8sNode.Vm}.