3.2 Logging
3.2.1 Ensure that a minimal audit policy is created (Manual)
Recommended Action
Create an audit policy file for your cluster.
3.2.2 Ensure that the audit policy covers key security concerns (Manual)
Recommended Action
Review the audit policy provided for the cluster and ensure that it covers
at least the following areas,
- Access to Secrets managed by the cluster. Care should be taken to only
log Metadata for requests to Secrets, ConfigMaps, and TokenReviews, in
order to avoid risk of logging sensitive data.
- Modification of Pod and Deployment objects.
- Use of
pods/exec
, pods/portforward
, pods/proxy
and services/proxy
.
For most requests, minimally logging at the Metadata level is recommended
(the most basic level of logging).