01-minimize-os-footprint

You SSH into a production node to investigate a security alert. ss -tlnp shows 14 services listening. rpm -qa | wc -l returns 847 packages. Avahi is broadcasting on the network. CUPS is accepting print jobs. The node was provisioned from a standard Ubuntu Server image six months ago, and nobody has touched the OS since.

This is the attack surface CKS Domain 3 tests. The exam gives you a terminal on a Kubernetes node with too many packages, too many services, and missing security profiles. Your job: reduce the footprint.