Ensure that the AdvancedAuditing argument is not set to false – AdvancedAuditing. Details: Do not disable advanced auditing. Rationale: ‘AdvancedAuditing’ enables a much more general API auditing pipeline, which includes support for...
Ensure that the API Server only makes use of Strong Cryptographic Ciphers. Details: Ensure that the API server is configured to only use strong cryptographic ciphers. Rationale: TLS ciphers have had a...
Ensure that the AdvancedAuditing argument is not set to false – audit-policy-file contents. Details: Do not disable advanced auditing. Rationale: ‘AdvancedAuditing’ enables a much more general API auditing pipeline, which includes support for...
Ensure that the AdvancedAuditing argument is not set to false – audit-policy-file parameter. Details: Do not disable advanced auditing. Rationale: ‘AdvancedAuditing’ enables a much more general API auditing pipeline, which includes support for...
Ensure that the --anonymous-auth argument is set to false. Details: Disable anonymous requests to the API server. Rationale: When enabled, requests that are not rejected by other configured authentication...
Ensure that the --audit-log-maxage argument is set to 30 or as appropriate. Details: Retain the logs for at least 30 days or as appropriate. Rationale: Retaining logs for at least 30 days...
Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate. Details: Retain 10 or an appropriate number of old log files. Rationale: Kubernetes automatically rotates the log files. Retaining old...
Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate. Details: Rotate log files on reaching 100 MB or as appropriate. Rationale: Kubernetes automatically rotates the log files. Retaining old...
Ensure that the --audit-log-path argument is set as appropriate. Details: Enable auditing on the Kubernetes API Server and set the desired audit log path as appropriate. Rationale: Auditing the...