Audit Policy
Definition
An audit policy is a set of rules and configurations that dictate which activities are logged within a system or application, and at what level of detail. It is essential for monitoring, compliance, and forensic analysis, providing insights into user actions, system changes, and potential security incidents. A well-defined audit policy helps ensure that all critical events are captured without overwhelming the system with excessive logging.
Secure Settings Example
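# Kubernetes Audit Policy Example
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Record who changed pods and services in production (metadata only, no bodies).
  - level: Metadata
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: ""
        resources: ["pods", "services"]
    namespaces: ["production"]
  # Record reads of secrets by the kube-system default service account.
  # RequestResponse includes response bodies, so secret values are written
  # to the audit log; protect that log accordingly or use Metadata here.
  - level: RequestResponse
    users: ["system:serviceaccount:kube-system:default"]
    verbs: ["get", "list"]
    resources:
      - group: ""
        resources: ["secrets"]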
Insecure Settings Example
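# Kubernetes Audit Policy Example with Insecure Settings
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # level None discards pod and service changes in every namespace,
  # so they leave no audit trail.
  - level: None
    verbs: ["create", "update", "delete"]
    resources:
      - group: ""
        resources: ["pods", "services"]
  # Secret reads are recorded only for the listed user; reads by any other
  # identity match no rule and are not logged. system:unauthenticated is a
  # group name, while the users field matches user names.
  - level: Metadata
    users: ["system:unauthenticated"]
    verbs: ["get", "list"]
    resources:
      - group: ""
        resources: ["secrets"]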
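
Coverage check for the two policies above, as an added example that is not part of the original page. It is a simplified model of Kubernetes rule matching (first matching rule sets the level, an omitted field matches everything, no match means None); the helper names and the sample requests are constructed for illustration.

```python
# Added example: simplified model of Kubernetes audit rule matching.
# First matching rule wins; an omitted field matches anything; no match -> "None".
SECURE = [
    {"level": "Metadata", "verbs": ["create", "update", "patch", "delete"],
     "resources": [{"group": "", "resources": ["pods", "services"]}],
     "namespaces": ["production"]},
    {"level": "RequestResponse", "verbs": ["get", "list"],
     "users": ["system:serviceaccount:kube-system:default"],
     "resources": [{"group": "", "resources": ["secrets"]}]},
]
INSECURE = [
    {"level": "None", "verbs": ["create", "update", "delete"],
     "resources": [{"group": "", "resources": ["pods", "services"]}]},
    {"level": "Metadata", "users": ["system:unauthenticated"], "verbs": ["get", "list"],
     "resources": [{"group": "", "resources": ["secrets"]}]},
]

def _in(allowed, value):
    return not allowed or value in allowed

def rule_matches(rule, ev):
    res = rule.get("resources", [])
    res_ok = not res or any(
        r.get("group", "") == ev["group"] and _in(r.get("resources"), ev["resource"])
        for r in res)
    return (_in(rule.get("users"), ev["user"]) and _in(rule.get("verbs"), ev["verb"])
            and _in(rule.get("namespaces"), ev["namespace"]) and res_ok)

def audit_level(rules, ev):
    return next((r["level"] for r in rules if rule_matches(r, ev)), "None")

def event(user, verb, resource, namespace, group=""):
    return dict(user=user, verb=verb, resource=resource, namespace=namespace, group=group)

# Constructed sample requests (not real cluster data).
EVENTS = [
    event("alice", "delete", "pods", "production"),
    event("alice", "delete", "pods", "staging"),
    event("system:serviceaccount:kube-system:default", "get", "secrets", "kube-system"),
    event("alice", "get", "secrets", "production"),
]

def coverage(rules):
    return [audit_level(rules, ev) for ev in EVENTS]

if __name__ == "__main__":
    for name, rules in (("secure", SECURE), ("insecure", INSECURE)):
        print(name, coverage(rules))
```

The None results under the first policy (pod deletion outside production, secret reads by other users) are gaps worth closing with a catch-all rule at the end of the policy.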