Details
Rotate log files on reaching 100 MB or as appropriate.
Rationale:
Kubernetes automatically rotates the log files. Retaining old log files ensures that you would have sufficient log data available for carrying out any investigation or correlation. If you have set file size of 100 MB and the number of old log files to keep as 10, you would approximate have 1 GB of log data that you could potentially use for your analysis.
Solution
Edit the API server pod specification file ‘/etc/kubernetes/manifests/kube-apiserver.yaml’ on the master node and set the ‘–audit-log-maxsize’ parameter to an appropriate size in MB. For example, to set it as 100 MB:
–audit-log-maxsize=100
Impact:
None
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.