CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Worker

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Worker

Updated: 12/7/2022

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 26

File Details

Filename: CIS_Kubernetes_v1.20_v1.0.0_Level_1_Worker.audit

Size: 104 kB

MD5: bae1b91918ed9ec1698a4ec3a0c3bf81
SHA256: 783996b362e23dfe67000242d163c93678db1c59acc3b9d01a24f99a19c9e60e

Audit Items

| Description | Categories |
|---|---|
| 4.1.1 Ensure that the kubelet service file permissions are set to 644 or more restrictive | CONFIGURATION MANAGEMENT |
| 4.1.2 Ensure that the kubelet service file ownership is set to root:root | CONFIGURATION MANAGEMENT |
| 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive | CONFIGURATION MANAGEMENT |
| 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure that the kubelet --config configuration file ownership is set to root:root | CONFIGURATION MANAGEMENT |
| 4.2.1 Ensure that the --anonymous-auth argument is set to false | IDENTIFICATION AND AUTHENTICATION |
| 4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow | ACCESS CONTROL |
| 4.2.3 Ensure that the --client-ca-file argument is set as appropriate | IDENTIFICATION AND AUTHENTICATION |
| 4.2.4 Verify that the --read-only-port argument is set to 0 | CONFIGURATION MANAGEMENT |
| 4.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.6 Ensure that the --protect-kernel-defaults argument is set to true | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.8 Ensure that the --hostname-override argument is not set | CONFIGURATION MANAGEMENT |
| 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert | IDENTIFICATION AND AUTHENTICATION |
| 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key | IDENTIFICATION AND AUTHENTICATION |
| 4.2.11 Ensure that the --rotate-certificates argument is not set to false | CONFIGURATION MANAGEMENT |
| 4.2.12 Verify that the RotateKubeletServerCertificate argument is set to true | IDENTIFICATION AND AUTHENTICATION |
| 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | ACCESS CONTROL |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | ACCESS CONTROL |
| CIS_Kubernetes_v1.20_v1.0.0_Level_1_Worker.audit from CIS Kubernetes v1.20 Benchmark v1.0.0 | CONFIGURATION MANAGEMENT |