1.1.2 Ensure that the --anonymous-auth argument is set to false

Information

Disable anonymous requests to the API server.

Rationale:

When enabled, requests that are not rejected by other configured authentication methods are treated as anonymous requests. These requests are then served by the API server. You should rely on authentication to authorize access and disallow anonymous requests.

Solution

Edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_API_ARGS` parameter to `'--anonymous-auth=false'`: `KUBE_API_ARGS='--anonymous-auth=false'`

Based on your system, restart the `kube-apiserver` service. For example, `systemctl restart kube-apiserver.service`

Impact:

Anonymous requests will be rejected.

See Also

https://workbench.cisecurity.org/files/1738

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CSCv6|14

Plugin: Unix

Control ID: 142a68015b95de4bf2f964fc223fbdf2ab0d32420377cd531070227ccde957d2