TF 0032 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Ensure that the --audit-log-path argument is set
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
Description
The Kubernetes API Server is not configured with the --audit-log-path argument, which means audit logs of API requests are not being captured. This omission prevents the recording of activities and changes made via the API server.
Impact
Without audit logs, malicious or unauthorized API activity may go undetected, making it difficult to investigate security incidents or comply with auditing requirements. This can allow attackers to perform unauthorized actions without leaving a trace, increasing risk to the cluster.
Resolution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and set the --audit-log-path parameter.