
V-254563

CAT II (Medium)

All audit records must identify any containers associated with the event within Rancher RKE2.

Rule ID: SV-254563r960906_rule

STIG: Rancher Government Solutions RKE2 Security Technical Implementation Guide

Version: V2R6

CCIs: CCI-001487

Discussion

Ensure that the --audit-log-maxage argument is set to 30 or as appropriate. Retaining logs for at least 30 days ensures that you can go back in time and investigate or correlate any events. Set your audit log retention period to 30 days or as per your business requirements. Result: Pass

Check Content

Ensure audit-log-maxage is set correctly.

Run the below command on the RKE2 Control Plane:
/bin/ps -ef | grep kube-apiserver | grep -v grep

If the --audit-log-maxage argument is not set to at least 30 or is not configured, this is a finding.
(By default, RKE2 sets the --audit-log-maxage argument to 30.)

Fix Text

Edit the RKE2 Configuration File /etc/rancher/rke2/config.yaml on the RKE2 Control Plane and set the following "kube-apiserver-arg" argument:

- audit-log-maxage=30

Once the configuration file is updated, restart the RKE2 Server. Run the command:
systemctl restart rke2-server
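
To confirm the check after the restart, this added example (not part of the STIG or of RKE2) evaluates a kube-apiserver command line for --audit-log-maxage in either the `--flag=value` or `--flag value` form. The function names check_maxage and check_live are hypothetical, the sample command lines are constructed, and taking the last occurrence of a repeated flag is an assumption.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluates a kube-apiserver command line
# against the check above: --audit-log-maxage must be present and at least 30.

# check_maxage CMDLINE: prints the verdict; returns 0 on pass, 1 on a finding.
check_maxage() {
    value="" found=0 prev=""
    set -f                      # no glob expansion while word-splitting
    for tok in $1; do
        case $tok in
            --audit-log-maxage=*)           # --flag=value form
                value=${tok#--audit-log-maxage=}; found=1 ;;
            *)                              # --flag value form
                if [ "$prev" = "--audit-log-maxage" ]; then
                    value=$tok; found=1
                fi ;;
        esac
        prev=$tok               # assumption: a repeated flag's last value wins
    done
    set +f
    if [ "$found" -eq 0 ]; then
        echo "FINDING: --audit-log-maxage is not configured"; return 1
    fi
    case $value in
        ''|*[!0-9]*)
            echo "FINDING: --audit-log-maxage=$value is not a whole number"; return 1 ;;
    esac
    if [ "$value" -lt 30 ]; then
        echo "FINDING: --audit-log-maxage=$value is below 30"; return 1
    fi
    echo "PASS: --audit-log-maxage=$value"
}

# check_live: runs the page's ps command on the control plane node.
check_live() {
    live=$(/bin/ps -ef | grep kube-apiserver | grep -v grep) || {
        echo "ERROR: no kube-apiserver process on this node"; return 2; }
    check_maxage "$live"
}

# Constructed sample command lines (not captured from a real cluster).
for sample in \
    "kube-apiserver --audit-log-maxage=30 --audit-log-maxbackup=10" \
    "kube-apiserver --audit-log-maxage 7" \
    "kube-apiserver --audit-log-maxbackup=10"
do
    check_maxage "$sample" || true
done
```

On the RKE2 Control Plane, call check_live in place of the sample loop to evaluate the running process.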