The Kubernetes API Server audit log retention must be set.

An XCCDF Rule

Details
Profiles

Description

The Kubernetes API Server must set enough storage to retain logs for monitoring suspicious activity and system misconfiguration, and provide evidence for Cyber Security Investigations.

ID: SV-242464r961863_rule
Version: CNTR-K8-003310
Severity: Medium
References: CCI-000366
Updated: 15 days ago

Remediation Templates

Edit the Kubernetes API Server manifest file in the /etc/kubernetes/manifests directory on the Kubernetes Control Plane. Set the value of "--audit-log-maxage" to a minimum of "30".

The Kubernetes API Server audit log retention must be set.

Description

Remediation Templates

A Manual Procedure