C-0160 - Ensure that a minimal audit policy is created
Framework
cis-v1.23-t1.0.1
Severity
Medium
Description of the the issue
Logging is an important detective control for all systems, to detect potential unauthorised access.
Related resources
Pod
What does this control test
Kubernetes can audit the details of requests made to the API server. The --audit-policy-file
flag must be set for this logging to be enabled.
How to check it manually
Run the following command on one of the cluster master nodes:
ps -ef | grep kube-apiserver
Verify that the --audit-policy-file
is set. Review the contents of the file specified and ensure that it contains a valid audit policy.
Remediation
Create an audit policy file for your cluster.
Impact Statement
Audit logs will be created on the master nodes, which will consume disk space. Care should be taken to avoid generating too large volumes of log information as this could impact the available of the cluster nodes.
Default Value
Unless the --audit-policy-file
flag is specified, no auditing will be carried out.
Example
No example
Updated 11 days ago