CIP-004-6 R2.2.3
1
Rule
Severity: Medium
Ensure that Audit Log Forwarding Is Enabled
1
Rule
Severity: Medium
Configure An Identity Provider
1
Rule
Severity: Medium
Configure OAuth server so that tokens expire after a set period of inactivity
1
Rule
Severity: Medium
Configure OAuth tokens to expire after a set period of inactivity
1
Rule
Severity: Medium
Configure OAuth clients so that tokens expire after a set period of inactivity
1
Rule
Severity: Medium
Do Not Use htpasswd-based IdP
1
Rule
Severity: High
Only Use LDAP-based IdPs with TLS
1
Rule
Severity: Medium
Ensure that the kubeadmin secret has been removed
18
Rule
Severity: Medium
Require Authentication for Single User Mode
22
Rule
Severity: Medium
Set Account Expiration Following Inactivity
30
Rule
Severity: Low
All GIDs referenced in /etc/passwd must be defined in /etc/group
28
Rule
Severity: Medium
Verify No netrc Files Exist
30
Rule
Severity: High
Verify Only Root Has UID 0
29
Rule
Severity: Medium
Direct root Logins Not Allowed
23
Rule
Severity: Medium
Set Interactive Session Timeout
29
Rule
Severity: Medium
Record Events that Modify User/Group Information
9
Rule
Severity: Medium
Set existing passwords a period of inactivity before they been locked
29
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/shadow
27
Rule
Severity: Medium
Configure auditd mail_acct Action on Low Disk Space
28
Rule
Severity: Medium
Configure auditd Max Log File Size
30
Rule
Severity: Medium
Configure auditd Number of Logs Retained
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
14
Rule
Severity: Medium
Record Any Attempts to Run semanage
30
Rule
Severity: Medium
Restrict Exposed Kernel Pointer Addresses Access
30
Rule
Severity: Medium
Enable Randomized Layout of Virtual Address Space
30
Rule
Severity: High
Ensure SELinux State is Enforcing
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chage
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
12
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl
14
Rule
Severity: Medium
Configure auditd flush priority
29
Rule
Severity: Medium
Set SSH Client Alive Count Max to zero
29
Rule
Severity: Medium
Set SSH Client Alive Count Max
29
Rule
Severity: Medium
Set SSH Client Alive Interval
30
Rule
Severity: Medium
Disable Host-Based Authentication
30
Rule
Severity: Medium
Disable SSH Root Login
29
Rule
Severity: Unknown
Limit Users' SSH Access
13
Rule
Severity: Medium
Ensure SELinux Not Disabled in the kernel arguments
16
Rule
Severity: Medium
Ensure SELinux Not Disabled in /etc/default/grub
18
Rule
Severity: Medium
Configure SELinux Policy
5
Rule
Severity: Medium
Configure Logind to terminate idle sessions after certain time of inactivity
1
Rule
Severity: Medium
Ensure that the cluster's audit profile is properly set
1
Rule
Severity: Medium
Verify Permissions on the OpenShift PKI Private Key Files