1.2.16 Ensure that the --audit-log-path argument is set

Information

Enable auditing on the Kubernetes API Server and set the desired audit log path.

Auditing the Kubernetes API Server provides a security-relevant chronological set of records documenting the sequence of activities that have affected system by individual users, administrators or other components of the system. Even though currently, Kubernetes provides only basic audit capabilities, it should be enabled. You can enable it by setting an appropriate audit log path.

Solution

Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and set the --audit-log-path parameter to a suitable path and file where you would like audit logs to be written, for example:

--audit-log-path=/var/log/apiserver/audit.log

Impact:

None

See Also

https://workbench.cisecurity.org/benchmarks/17568

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.2

Plugin: Unix

Control ID: c4c07852bcaa07d0459c7d34322e6422eb1f3fe3afc83d32e4911c87fc1600f3