2.2.1 Ensure that a minimal audit policy is created

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Kubernetes can audit the details of requests made to the API server. The --audit-policy-file flag must be set for this logging to be enabled.

Rationale:

Logging is an important detective control for all systems, to detect potential unauthorised access.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This control cannot be modified in GKE.

Impact:

Audit logs will be created on the master nodes, which will consume disk space. Care should be taken to avoid generating excessively large volumes of log information, as this could impact the availability of the cluster nodes.

Default Value:

See the GKE documentation for the default value.

See Also

https://workbench.cisecurity.org/files/2764