Detections
Analytics

CIS Kubernetes v1.11.1 L1 Worker Node

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Kubernetes v1.11.1 L1 Worker Node

Updated: 11/24/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 25

File Details

Filename: CIS_Kubernetes_v1.11.1_L1_Worker_Node.audit

Size: 84.5 kB

MD5: 3f38d8a9e2af01672bb9013d34e0771d
SHA256: 0eb164690a52cc9c1aa527bbe519613a1a071cdf0eeb169d61c248957a4193f4

Audit Items

DescriptionCategories
4.1.2 Ensure that the kubelet service file ownership is set to root:root
4.1.3 If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive
4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root
4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive
4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root
4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive
4.1.8 Ensure that the client certificate authorities file ownership is set to root:root
4.1.9 If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive
4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root
4.2.1 Ensure that the --anonymous-auth argument is set to false
4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
4.2.3 Ensure that the --client-ca-file argument is set as appropriate
4.2.4 Verify that if defined, readOnlyPort is set to 0
4.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
4.2.6 Ensure that the --make-iptables-util-chains argument is set to true
4.2.7 Ensure that the --hostname-override argument is not set
4.2.9 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate
4.2.10 Ensure that the --rotate-certificates argument is not set to false
4.2.11 Verify that the RotateKubeletServerCertificate argument is set to true
4.2.12 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers
4.2.13 Ensure that a limit is set on pod PIDs
4.2.14 Ensure that the --seccomp-default parameter is set to true
4.3.1 Ensure that the kube-proxy metrics service is bound to localhost
5.1.3 Minimize wildcard use in Roles and ClusterRoles
CIS_Kubernetes_v1.11.1_L1_Worker_Node.audit from CIS Kubernetes Benchmark v1.11.1