Ensure that a minimal audit policy is created

MEDIUM

Description

Description:

Kubernetes can audit the details of requests made to the API server. The '--audit-policy-file' flag must be set for this logging to be enabled.

Rationale:

Logging is an important detective control for all systems, to detect potential unauthorised access.

Audit logs will be created on the master nodes, which will consume disk space. Care should be taken to avoid generating too large volumes of log information as this could impact the available of the cluster nodes.

Remediation

Create an audit policy file for your cluster.

Policy Details

Rule Reference ID: AC_K8S_0066

CSP: Kubernetes

Remediation Available: No

Domain: Logging and Monitoring

Resource: kubernetes_pod

Resource Category: Compute

Resource Type: Pod

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
CIS Kubernetes v1.6.1 Level 1 - Master Node
NSA CISA Kubernetes Hardening Guide 1.0
CIS Google Kubernetes Engine (GKE) v1.2.0 Level 1 - Master Node
CIS Google Kubernetes Engine (GKE) v1.4.0 Level 1

Detections

Analytics