lacework-global-800

Enable Linux auditd logging (Manual)

Description

Run the auditd logging daemon to obtain verbose operating system logs from Google Kubernetes Engine (GKE) nodes running Container-Optimized OS (COS).

Remediation

Using Command Line:

Download the example manifests:

curl https://raw.githubusercontent.com/GoogleCloudPlatform/k8s-node-tools/master/os-audit/cos-auditd-logging.yaml > cos-auditd-logging.yaml

Edit the example manifests, if needed, and then deploy using:

kubectl apply -f cos-auditd-logging.yaml

Verify that the logging Pods have started. If you defined a different Namespace in the manifests, replace cos-auditd with the name of the namespace in use:

kubectl get pods --namespace=cos-auditd
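
The verification step above can be scripted so that it fails when a logging Pod has not fully started. The following is an added example, not part of the Google manifests or the original policy text. The function name check_auditd_pods and the sample Pod names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: evaluate `kubectl get pods --no-headers` output for the
# auditd logging namespace. Reads pod lines on stdin, prints each pod that is
# not fully started, and returns non-zero if any pod is unhealthy or if no
# pods exist at all (an empty namespace means nothing is logging).
check_auditd_pods() {
    awk '
        NF >= 3 {
            total++
            split($2, ready, "/")          # READY column, e.g. "1/1"
            if ($3 != "Running" || ready[1] != ready[2]) {
                printf "NOT READY: %s (ready=%s status=%s)\n", $1, $2, $3
                bad++
            }
        }
        END {
            if (total == 0) { print "NOT READY: no pods found"; exit 1 }
            exit (bad > 0)
        }
    '
}

# Constructed sample output (pod names are made up for illustration).
SAMPLE_HEALTHY='cos-auditd-logging-aaaaa   1/1   Running   0   5m
cos-auditd-logging-bbbbb   1/1   Running   0   5m'

SAMPLE_DEGRADED='cos-auditd-logging-aaaaa   1/1   Running            0   5m
cos-auditd-logging-bbbbb   0/1   CrashLoopBackOff   4   5m
cos-auditd-logging-ccccc   0/1   Init:0/1           0   5m'

# Live use against a cluster (namespace from the manifest; change if edited):
#   kubectl get pods --namespace=cos-auditd --no-headers | check_auditd_pods
```

A non-zero exit status means at least one node is not shipping auditd logs, or no logging Pods were scheduled at all.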

References

https://cloud.google.com/kubernetes-engine/docs/how-to/linux-auditd-logging
https://cloud.google.com/container-optimized-os/docs