Details
Retain 10 or an appropriate number of old log files.
Rationale:
Kubernetes automatically rotates the log files. Retaining old log files ensures that you would have sufficient log data available for carrying out any investigation or correlation. For example, if you have set file size of 100 MB and the number of old log files to keep as 10, you would approximate have 1 GB of log data that you could potentially use for your analysis.
Solution
Edit the API server pod specification file ‘/etc/kubernetes/manifests/kube-apiserver.yaml’ on the master node and set the ‘–audit-log-maxbackup’ parameter to 10 or to an appropriate value.
–audit-log-maxbackup=10
Impact:
None
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.