Details
Enable auditing on the Kubernetes API Server and set the desired audit log path as appropriate.
Rationale:
Auditing the Kubernetes API Server provides a security-relevant chronological set of records documenting the sequence of activities that have affected system by individual users, administrators or other components of the system. Even though currently, Kubernetes provides only basic audit capabilities, it should be enabled. You can enable it by setting an appropriate audit log path.
Solution
Edit the API server pod specification file ‘/etc/kubernetes/manifests/kube-apiserver.yaml’ on the master node and set the ‘–audit-log-path’ parameter to a suitable path and file where you would like audit logs to be written, for example:
–audit-log-path=/var/log/apiserver/audit.log
Impact:
None
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.