Skip to content
Log In

The Kubernetes API Server must be set to audit log maximum backup.

An XCCDF Rule

Description

The Kubernetes API Server must set enough storage to retain logs for monitoring suspicious activity and system misconfiguration, and provide evidence for Cyber Security Investigations.

ID
SV-242463r961863_rule
Version
CNTR-K8-003300
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Set the value of "--audit-log-maxbackup" to a minimum of "10".