Fortinet black logo

Online Help

Amazon EKS Compliance Audit Configuration File Paths

Copy Link
Copy Doc ID e0288d11-27c1-11ec-8c53-00505692583a:471623

Amazon EKS Compliance Audit Configuration File Paths

This table displays all possible configuration file paths of compliance audits performed on Kubernetes clusters of Amazon Elastic Kubernetes Service (EKS).

ID Name Audit All Possible Configuration File Paths
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive (Scored) /bin/sh -c ''if test -e $proxykubeconfig; then stat -c %a $proxykubeconfig; fi''

"/etc/kubernetes/kubelet-kubeconfig"

"/var/lib/kubelet/kubeconfig"

"/var/snap/microk8s/current/credentials/proxy.config"

3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root (Scored) /bin/sh -c ''if test -e $proxykubeconfig; then stat -c %U:%G $proxykubeconfig; fi''

"/etc/kubernetes/kubelet-kubeconfig"

"/var/lib/kubelet/kubeconfig"

"/var/snap/microk8s/current/credentials/proxy.config"

3.1.3 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive (Scored) /bin/sh -c ''if test -e $kubeletconf; then stat -c %a $kubeletconf; fi''

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.1.4 Ensure that the kubelet configuration file ownership is set to root:root (Scored) /bin/sh -c ''if test -e $kubeletconf; then stat -c %U:%G $kubeletconf; fi''

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.1 Ensure that the --anonymous-auth argument is set to false (Scored) /bin/ps -fC $kubeletbinor/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.3 Ensure that the --client-ca-file argument is set as appropriate (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.4 Ensure that the --read-only-port argument is set to 0 (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.6 Ensure that the --protect-kernel-defaults argument is set to true (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.7 Ensure that the --make-iptables-util-chains argument is set to true (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.8 Ensure that the --hostname-override argument is not set (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.10 Ensure that the --rotate-certificates argument is not set to false (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.11 Ensure that the RotateKubeletServerCertificate argument is set to true (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

Amazon EKS Compliance Audit Configuration File Paths

This table displays all possible configuration file paths of compliance audits performed on Kubernetes clusters of Amazon Elastic Kubernetes Service (EKS).

ID Name Audit All Possible Configuration File Paths
3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive (Scored) /bin/sh -c ''if test -e $proxykubeconfig; then stat -c %a $proxykubeconfig; fi''

"/etc/kubernetes/kubelet-kubeconfig"

"/var/lib/kubelet/kubeconfig"

"/var/snap/microk8s/current/credentials/proxy.config"

3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root (Scored) /bin/sh -c ''if test -e $proxykubeconfig; then stat -c %U:%G $proxykubeconfig; fi''

"/etc/kubernetes/kubelet-kubeconfig"

"/var/lib/kubelet/kubeconfig"

"/var/snap/microk8s/current/credentials/proxy.config"

3.1.3 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive (Scored) /bin/sh -c ''if test -e $kubeletconf; then stat -c %a $kubeletconf; fi''

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.1.4 Ensure that the kubelet configuration file ownership is set to root:root (Scored) /bin/sh -c ''if test -e $kubeletconf; then stat -c %U:%G $kubeletconf; fi''

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.1 Ensure that the --anonymous-auth argument is set to false (Scored) /bin/ps -fC $kubeletbinor/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.3 Ensure that the --client-ca-file argument is set as appropriate (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.4 Ensure that the --read-only-port argument is set to 0 (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.6 Ensure that the --protect-kernel-defaults argument is set to true (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.7 Ensure that the --make-iptables-util-chains argument is set to true (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.8 Ensure that the --hostname-override argument is not set (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.10 Ensure that the --rotate-certificates argument is not set to false (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"

3.2.11 Ensure that the RotateKubeletServerCertificate argument is set to true (Scored)

/bin/ps -fC $kubeletbin

or

/bin/cat $kubeletconf

"/var/lib/kubelet/config.yaml"

"/var/lib/kubelet/config.yml"

"/etc/kubernetes/kubelet/kubelet-config.json"

"/home/kubernetes/kubelet-config.yaml"

"/home/kubernetes/kubelet-config.yml"

"/etc/default/kubeletconfig.json"

"/etc/default/kubelet"

"/var/lib/kubelet/kubeconfig"

"/var/snap/kubelet/current/args"

"/var/snap/microk8s/current/args/kubelet"

"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"

"/etc/systemd/system/kubelet.service"

"/lib/systemd/system/kubelet.service"

"/etc/systemd/system/snap.kubelet.daemon.service"

"/etc/systemd/system/snap.microk8s.daemon-kubelet.service"