CIS Google Kubernetes Engine (GKE) v1.7.0 L1

Audit Details

Name: CIS Google Kubernetes Engine (GKE) v1.7.0 L1

Updated: 9/12/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 14

File Details

Filename: CIS_Google_Kubernetes_Engine_GKE_v1.7.0_L1_Node.audit

Size: 112 kB

MD5: 5f10ec9b2e930b8ecb05025c9dc225ad
SHA256: 30d2372efa1de771d4b019599486cd82ce1431ade26f1b86c8b9addb0616bce4

Audit Items

DescriptionCategories
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive

ACCESS CONTROL, MEDIA PROTECTION

3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root

ACCESS CONTROL, MEDIA PROTECTION

3.1.3 Ensure that the kubelet configuration file has permissions set to 644

ACCESS CONTROL, MEDIA PROTECTION

3.1.4 Ensure that the kubelet configuration file ownership is set to root:root

ACCESS CONTROL, MEDIA PROTECTION

3.2.1 Ensure that the Anonymous Auth is Not Enabled Draft

ACCESS CONTROL

3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow

ACCESS CONTROL

3.2.3 Ensure that a Client CA File is Configured

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.4 Ensure that the --read-only-port is disabled

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.6 Ensure that the --make-iptables-util-chains argument is set to true

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture

AUDIT AND ACCOUNTABILITY

3.2.8 Ensure that the --rotate-certificates argument is not present or is set to true

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.9 Ensure that the RotateKubeletServerCertificate argument is set to true

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_Google_Kubernetes_Engine_GKE_v1.7.0_L1.audit from CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0