An error occurred:

Check: CNTR-MK-000220

Mirantis Kubernetes Engine STIG: CNTR-MK-000220 (in versions v2 r1 through v1 r1)

Title

Audit logging must be enabled on MKE. (Cat II impact)

Discussion

Enabling audit logging on MKE enhances security, supports compliance efforts, provides user accountability, and offers valuable insights for incident response and operational management. It is an essential component of maintaining a secure, compliant, and well-managed Kubernetes environment. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.

Check Content

Check auditing configuration level for MKE nodes and controller: Log in to the MKE web UI and navigate to admin >> Admin Settings >> Logs & Audit Logs. If "AUDIT LOG LEVEL" is not set to "Request", this is a finding. If "DEBUG LEVEL" is set to "ERROR", this is a finding.

Fix Text

Log in to the MKE web UI and navigate to admin >> Admin Settings >> Logs & Audit Logs. In the "Configure Audit Log Level" section, select "Request" In the "Configure Global Log Level" section, select "INFO" or "DEBUG". Note: The recommended setting is "INFO". Click "Save".

Additional Identifiers

Rule ID: SV-260914r966099_rule

Vulnerability ID: V-260914

Group Title: SRG-APP-000092-CTR-000165

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000018

Automatically audit account creation actions.
CCI-000135

Generate audit records containing the organization-defined additional information that is to be included in the audit records.
CCI-000169

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.
CCI-000172

Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3.
CCI-001403

Automatically audit account modification actions.
CCI-001404

Automatically audit account disabling actions.
CCI-001405

Automatically audit account removal actions.
CCI-001464

Initiates session audits automatically at system start-up.
CCI-002234

Log the execution of privileged functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-2(4)

Automated Audit Actions
AC-6(9)

Auditing Use of Privileged Functions
AU-3(1)

Additional Audit Information
AU-12

Audit Generation
AU-14(1)

System Start-up