CIS Google Kubernetes Engine (GKE) v1.4.0 L1 Node

This audit file has been deprecated and will be removed in a future update.

Name: CIS Google Kubernetes Engine (GKE) v1.4.0 L1 Node

Updated: 1/29/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 17

Filename: CIS_Google_Kubernetes_Engine_GKE_v1.4.0_L1_Node.audit

Size: 73.7 kB

MD5: cf32c5d7235e0ebc46ba3539efe523c1

SHA256: 64ec74e70acdc0cc4692f2531f954e650c9f7a179fbb06b6197c9ceca8da6047

Description	Categories
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive
3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root
3.1.3 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive
3.1.4 Ensure that the kubelet configuration file ownership is set to root:root
3.2.1 Ensure that the --anonymous-auth argument is set to false
3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
3.2.3 Ensure that the --client-ca-file argument is set as appropriate
3.2.4 Ensure that the --read-only-port argument is set to 0
3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
3.2.6 Ensure that the --make-iptables-util-chains argument is set to true
3.2.7 Ensure that the --hostname-override argument is not set
3.2.8 Ensure that the --eventrecordqps argument is set to 5 or higher or a level which ensures appropriate event capture
3.2.9 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert
3.2.9 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key
3.2.10 Ensure that the --rotate-certificates argument is not set to false
3.2.11 Ensure that the RotateKubeletServerCertificate argument is set to true
CIS_Google_Kubernetes_Engine_GKE_v1.4.0_L1_Node.audit from CIS Google Kubernetes Engine (GKE) Benchmark