Detections
Analytics

CIS Google Kubernetes Engine (GKE) v1.7.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Kubernetes Engine (GKE) v1.7.0 L1

Updated: 3/6/2026

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 14

File Details

Filename: CIS_Google_Kubernetes_Engine_GKE_v1.7.0_L1_Node.audit

Size: 83.9 kB

MD5: 2b02f68a5ed011d06b2f95bcc9812b49
SHA256: a25fe0304609896854fc98f87890b521fa52276449629f2eef7aecc53eb29004

Audit Items

DescriptionCategories
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive
3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root
3.1.3 Ensure that the kubelet configuration file has permissions set to 644
3.1.4 Ensure that the kubelet configuration file ownership is set to root:root
3.2.1 Ensure that the Anonymous Auth is Not Enabled Draft
3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
3.2.3 Ensure that a Client CA File is Configured
3.2.4 Ensure that the --read-only-port is disabled
3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
3.2.6 Ensure that the --make-iptables-util-chains argument is set to true
3.2.7 Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture
3.2.8 Ensure that the --rotate-certificates argument is not present or is set to true
3.2.9 Ensure that the RotateKubeletServerCertificate argument is set to true
CIS_Google_Kubernetes_Engine_GKE_v1.7.0_L1.audit from CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0