C-0130 - Ensure that the API Server --audit-log-path argument is set
Framework
cis-v1.23-t1.0.1
Severity
High
Description of the issue
Auditing the Kubernetes API Server provides a security-relevant, chronological set of records documenting the sequence of activities that have affected the system, whether performed by individual users, administrators or other components of the system. Even though Kubernetes currently provides only basic audit capabilities, auditing should be enabled. You can enable it by setting an appropriate audit log path.
Related resources
Pod
What does this control test
Enable auditing on the Kubernetes API Server and set the desired audit log path.
How to check it manually
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the --audit-log-path argument is set as appropriate.
Remediation
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and set the --audit-log-path parameter to a suitable path and file where you would like audit logs to be written, for example:
--audit-log-path=/var/log/apiserver/audit.log
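To confirm the setting after editing the manifest, the check can be scripted rather than read off `ps -ef` output. The following is an added example, not code from Kubescape or the CIS benchmark; the function name `audit_log_path_from_manifest` and the sample manifest fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Kubescape or CIS code): read --audit-log-path from a
# kube-apiserver static pod manifest instead of eyeballing `ps -ef` output.

# Prints the configured path and returns 0 when the flag has a non-empty value.
# Returns 1 when the flag is absent, empty, or only present in a comment,
# and 2 when the manifest cannot be read.
audit_log_path_from_manifest() {
    manifest="$1"
    [ -r "$manifest" ] || return 2
    # Handles the "--flag=value" list-item form shown on this page, with
    # optional quoting. If the flag repeats, the last occurrence is reported.
    value=$(sed -n \
        -e '/^[[:space:]]*#/d' \
        -e 's/^[[:space:]]*-[[:space:]]*["'\'']\{0,1\}--audit-log-path=\([^"'\''[:space:]]*\).*$/\1/p' \
        "$manifest" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Constructed sample: a trimmed manifest fragment, not a full pod spec.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    # - --audit-log-path=/tmp/disabled.log
    - --audit-log-path=/var/log/apiserver/audit.log
    image: registry.example/kube-apiserver:placeholder
EOF

if path=$(audit_log_path_from_manifest "$sample"); then
    echo "PASS: --audit-log-path=$path"
else
    echo "FAIL: --audit-log-path is not set"
fi
rm -f "$sample"
```

On a Control Plane node, call the function with /etc/kubernetes/manifests/kube-apiserver.yaml in place of the sample file.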
Impact Statement
None
Default Value
By default, auditing is not enabled.
Example
No example
Updated 4 months ago