Detections
Analytics

CIS Google Kubernetes Engine (GKE) v1.3.0 L1 Node

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Kubernetes Engine (GKE) v1.3.0 L1 Node

Updated: 7/25/2023

Authority: CIS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 18

Audit Items

DescriptionCategories
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive
3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root
3.1.3 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive
3.1.4 Ensure that the kubelet configuration file ownership is set to root:root
3.2.1 Ensure that the --anonymous-auth argument is set to false
3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
3.2.3 Ensure that the --client-ca-file argument is set as appropriate
3.2.4 Ensure that the --read-only-port argument is set to 0
3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
3.2.6 Ensure that the --protect-kernel-defaults argument is set to true
3.2.7 Ensure that the --make-iptables-util-chains argument is set to true
3.2.8 Ensure that the --hostname-override argument is not set
3.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture
3.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert
3.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key
3.2.11 Ensure that the --rotate-certificates argument is not set to false
3.2.12 Ensure that the RotateKubeletServerCertificate argument is set to true
CIS_Google_Kubernetes_Engine_GKE_v1.3.0_L1_Node.audit from CIS Google Kubernetes Engine (GKE) Benchmark