Detections
Analytics

CIS Google Kubernetes Engine (GKE) v1.6.0 L1 Node

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Kubernetes Engine (GKE) v1.6.0 L1 Node

Updated: 10/28/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 14

File Details

Filename: CIS_Google_Kubernetes_Engine_GKE_v1.6.0_L1_Node.audit

Size: 83.9 kB

MD5: 6eb18f47b30b98d1a037c53718f94536
SHA256: c7aeb8dab57a6380ec50be6ed1f122a5a224cb9659afcac28cd862a74ef3c25e

Audit Items

DescriptionCategories
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive
3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root
3.1.3 Ensure that the kubelet configuration file has permissions set to 600
3.1.4 Ensure that the kubelet configuration file ownership is set to root:root
3.2.1 Ensure that the Anonymous Auth is Not Enabled Draft
3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
3.2.3 Ensure that a Client CA File is Configured
3.2.4 Ensure that the --read-only-port is disabled
3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
3.2.6 Ensure that the --make-iptables-util-chains argument is set to true
3.2.7 Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture
3.2.8 Ensure that the --rotate-certificates argument is not present or is set to true
3.2.9 Ensure that the RotateKubeletServerCertificate argument is set to true
CIS_Google_Kubernetes_Engine_GKE_v1.6.0_L1_Node.audit from CIS Google Kubernetes Engine (GKE) Benchmark