1.1.16 Ensure that the --audit-log-path argument is set as appropriate

Information

Enable auditing on kubernetes apiserver and set the desired audit log path as appropriate.

Rationale:

Auditing Kubernetes apiserver provides a security-relevant chronological set of records documenting the sequence of activities that have affected system by individual users, administrators or other components of the system. Even though currently, Kubernetes provides only basic audit capabilities, it should be enabled. You can enable it by setting an appropriate audit log path.

Solution

Edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_API_ARGS` parameter to `'--audit-log-path='`: `KUBE_API_ARGS='--audit-log-path=/var/log/apiserver/audit.log'`

Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`

Impact:

None

See Also

https://workbench.cisecurity.org/files/1738

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CSCv6|6.2

Plugin: Unix

Control ID: 12165ae9bdb2dd25912c71fbf349170adf4ed63570347cc2dfafd16cf3c3d216