apiserver_audit_log_maxage_set.metadata.json
36 lines (36 loc) · 1.61 KB
{
  "Provider": "kubernetes",
  "CheckID": "apiserver_audit_log_maxage_set",
  "CheckTitle": "Ensure that the --audit-log-maxage argument is set to 30 or as appropriate",
  "CheckType": [
    "Security",
    "Configuration"
  ],
  "ServiceName": "apiserver",
  "SubServiceName": "Auditing",
  "ResourceIdTemplate": "",
  "Severity": "medium",
  "ResourceType": "KubernetesAPIServer",
  "Description": "This check ensures that the Kubernetes API server is configured with an appropriate audit log retention period. Setting --audit-log-maxage to 30 or as per business requirements helps in maintaining logs for sufficient time to investigate past events.",
  "Risk": "Without an adequate log retention period, there may be insufficient audit history to investigate and analyze past events or security incidents.",
  "RelatedUrl": "https://kubernetes.io/docs/concepts/cluster-administration/audit/",
  "Remediation": {
    "Code": {
      "CLI": "Edit the kube-apiserver configuration to set the --audit-log-maxage argument to 30 or an appropriate number of days. Example: --audit-log-maxage=30",
      "NativeIaC": "",
      "Other": "",
      "Terraform": ""
    },
    "Recommendation": {
      "Text": "Configure the API server audit log retention period to retain logs for at least 30 days or as per your organization's requirements.",
      "Url": "https://kubernetes.io/docs/admin/kube-apiserver/"
    }
  },
  "Categories": [
    "Logging",
    "Compliance"
  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "Ensure the audit log retention period is set appropriately to balance between storage constraints and the need for historical data."
}