Ensure that the AdvancedAuditing argument is not set to false – audit-policy-file. Details: Do not disable advanced auditing. Rationale: ‘AdvancedAuditing’ enables a much more general API auditing pipeline, which includes support for...
Ensure that the AdvancedAuditing argument is not set to false – @AUDIT_POLICY_FILE@. Details: Do not disable advanced auditing. Rationale: ‘AdvancedAuditing’ enables a much more general API auditing pipeline, which includes support for...
Ensure that the --anonymous-auth argument is set to false. Details: Disable anonymous requests to the API server. Rationale: When enabled, requests that are not rejected by other configured authentication...
Ensure that the API Server only makes use of Strong Cryptographic Ciphers. Details: Ensure that the API server is configured to only use strong cryptographic ciphers. Rationale: TLS ciphers have had a...
Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate. Details: Retain 10 or an appropriate number of old log files. Rationale: Kubernetes automatically rotates the log files. Retaining old...
Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate. Details: Rotate log files on reaching 100 MB or as appropriate. Rationale: Kubernetes automatically rotates the log files. Retaining old...
Ensure that the --audit-log-maxage argument is set to 30 or as appropriate. Details: Retain the logs for at least 30 days or as appropriate. Rationale: Retaining logs for at least 30 days...
Ensure that the --audit-log-path argument is set as appropriate. Details: Enable auditing on the Kubernetes API Server and set the desired audit log path as appropriate. Rationale: Auditing the...
Ensure that the --authorization-mode argument includes Node. Details: Restrict kubelet nodes to reading only objects associated with them. Rationale: The ‘Node’ authorization mode only allows kubelets to...
Ensure that the --authorization-mode argument includes RBAC. Details: Turn on Role Based Access Control. Rationale: Role Based Access Control (RBAC) allows fine-grained control over the operations that...