CIS Google Kubernetes Engine (GKE) v1.6.1 L1 Node

This audit file has been deprecated and will be removed in a future update.

Name: CIS Google Kubernetes Engine (GKE) v1.6.1 L1 Node

Updated: 3/5/2025

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 14

Filename: CIS_Google_Kubernetes_Engine_GKE_v1.6.1_L1_Node.audit

Size: 83.8 kB

MD5: e2dfac209f48f39543477efd02364061

SHA256: 5fd7a0bb5f4b7c33d4a143ed9ab125ecc196f35a1f87ad0f68c0083bc1701a1b

Description	Categories
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive
3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root
3.1.3 Ensure that the kubelet configuration file has permissions set to 600
3.1.4 Ensure that the kubelet configuration file ownership is set to root:root
3.2.1 Ensure that the Anonymous Auth is Not Enabled Draft
3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
3.2.3 Ensure that a Client CA File is Configured
3.2.4 Ensure that the --read-only-port is disabled
3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
3.2.6 Ensure that the --make-iptables-util-chains argument is set to true
3.2.7 Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture
3.2.8 Ensure that the --rotate-certificates argument is not present or is set to true
3.2.9 Ensure that the RotateKubeletServerCertificate argument is set to true
CIS_Google_Kubernetes_Engine_GKE_v1.6.1_L1.audit from CIS Google Kubernetes Engine (GKE) Benchmark v1.6.1