MEDIUM M12: Audit Profile P3

Overview

This remediation sets the OpenShift API server audit profile to WriteRequestBodies so that audit logging captures request and response bodies, providing enhanced visibility into cluster operations.

Settings

Setting       | Value              | Description
audit.profile | WriteRequestBodies | Enhanced audit logging with request bodies

Implementation

Modify the APIServer custom resource:

apiVersion: config.openshift.io/v1
kind: APIServer
metadata:
  name: cluster
spec:
  audit:
    profile: WriteRequestBodies

Apply with:

oc patch apiserver cluster --type merge -p '{"spec":{"audit":{"profile":"WriteRequestBodies"}}}'

Audit Profile Options

Profile            | Description
Default            | Log metadata for all requests
WriteRequestBodies | Log metadata and request bodies for write operations
AllRequestBodies   | Log metadata and request bodies for all operations
None               | Disable API audit logging (not recommended)

Compliance Checks Remediated

Check                      | Profile | Docs
ocp4-cis-audit-profile-set | CIS     | 📖

Source Remediation Files

  • medium/ocp4-cis-audit-profile-set.yaml

Verification

Check current audit profile:

oc get apiserver cluster -o jsonpath='{.spec.audit.profile}'
# Expected: WriteRequestBodies

Security Impact

Enhanced audit logging provides:

  • Full request body capture for forensic analysis
  • Visibility into what was created/modified
  • Compliance evidence for security audits
  • Incident response capability

Note: WriteRequestBodies increases log volume. Ensure adequate log storage capacity.
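
The forensic use listed above, as an added example that is not part of the original page or of OpenShift's own tooling: it reads API server audit events (audit.k8s.io/v1, one JSON object per line) and separates write requests whose bodies were captured from those logged at metadata level only. The sample events, user names and image reference are constructed, and the function names are hypothetical.

```python
import json

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
BODY_LEVELS = {"Request", "RequestResponse"}  # audit levels that carry requestObject

# Constructed sample events in audit.k8s.io/v1 format, one JSON object per line.
SAMPLE_LOG = "\n".join([
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"shop","name":"web-1"},"responseStatus":{"code":200}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"RequestResponse","stage":"ResponseComplete","verb":"update","user":{"username":"system:serviceaccount:ci:deployer"},"objectRef":{"resource":"deployments","namespace":"shop","name":"web"},"responseStatus":{"code":200},"requestObject":{"spec":{"template":{"spec":{"containers":[{"name":"web","image":"registry.example/web:2"}]}}}}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"patch","user":{"username":"bob"},"objectRef":{"resource":"configmaps","namespace":"shop","name":"settings"},"responseStatus":{"code":200}}',
    '{"kind":"Event","level":"Requ',  # truncated line, as when a log is cut mid-write
])

def summarize_writes(log_text):
    """Return one record per completed write request found in the audit log text."""
    records = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if ev.get("stage") != "ResponseComplete" or ev.get("verb") not in WRITE_VERBS:
            continue  # reads and intermediate stages are not of interest here
        ref = ev.get("objectRef", {})
        parts = [ref.get("namespace"), ref.get("resource"), ref.get("name")]
        records.append({
            "user": ev.get("user", {}).get("username"),
            "verb": ev["verb"],
            "target": "/".join(p for p in parts if p),
            "code": ev.get("responseStatus", {}).get("code"),
            "level": ev.get("level"),
            "body": ev.get("requestObject") if ev.get("level") in BODY_LEVELS else None,
        })
    return records

def metadata_only(records):
    """Writes recorded without a body, e.g. events logged before the profile change."""
    return [r for r in records if r["level"] not in BODY_LEVELS]

if __name__ == "__main__":
    for r in summarize_writes(SAMPLE_LOG):
        print(r["user"], r["verb"], r["target"], r["code"], "body" if r["body"] else "no body")
```

Write events that still appear in `metadata_only` after the profile has rolled out are worth checking against the time of the change.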
