Capacity
SC-8
1
Rule
Severity: Medium
Configure the Client Certificate Authority for the API Server
1
Rule
Severity: Medium
Configure the etcd Certificate Authority for the API Server
1
Rule
Severity: Medium
Configure the etcd Certificate for the API Server
1
Rule
Severity: Medium
Configure the etcd Certificate Key for the API Server
1
Rule
Severity: Medium
Ensure that the --kubelet-https argument is set to true
1
Rule
Severity: High
Configure the kubelet Certificate Authority for the API Server
2
Rule
Severity: High
Configure the kubelet Certificate File for the API Server
2
Rule
Severity: High
Configure the kubelet Certificate Key for the API Server
2
Rule
Severity: Medium
Ensure the openshift-oauth-apiserver service uses TLS
1
Rule
Severity: Medium
Configure the Certificate for the API Server
1
Rule
Severity: Medium
Configure the Certificate Key for the API Server
1
Rule
Severity: Medium
Ensure APIServer is configured with secure tlsSecurityProfile
1
Rule
Severity: Medium
Ensure custom tlsSecurityProfile configured for APIServer uses secure TLS version
1
Rule
Severity: Medium
Ensure APIServer is not configured with Old tlsSecurityProfile
1
Rule
Severity: High
Only Use LDAP-based IdPs with TLS
1
Rule
Severity: Low
Ensure Controller insecure port argument is unset
1
Rule
Severity: Medium
Ensure that the RotateKubeletServerCertificate argument is set
1
Rule
Severity: Low
Ensure Controller secure-port argument is set
1
Rule
Severity: Medium
Configure the Service Account Certificate Authority Key for the Controller Manager
1
Rule
Severity: Medium
Configure the Service Account Private Key for the Controller Manager
1
Rule
Severity: Medium
Disable etcd Self-Signed Certificates
1
Rule
Severity: Medium
Ensure That The etcd Client Certificate Is Correctly Set
1
Rule
Severity: Medium
Enable The Client Certificate Authentication
1
Rule
Severity: Medium
Ensure That The etcd Key File Is Correctly Set
1
Rule
Severity: Medium
Disable etcd Peer Self-Signed Certificates
1
Rule
Severity: Medium
Ensure That The etcd Peer Client Certificate Is Correctly Set
1
Rule
Severity: Medium
Enable The Peer Client Certificate Authentication
1
Rule
Severity: Medium
Ensure That The etcd Peer Key File Is Correctly Set
2
Rule
Severity: Medium
Ensure That The kubelet Client Certificate Is Correctly Set
2
Rule
Severity: Medium
Ensure That The kubelet Server Key Is Correctly Set
3
Rule
Severity: Medium
Ensure Kubelet is configured with allowed TLS versions
13
Rule
Severity: Medium
Verify Any Configured IPSec Tunnel Connections
14
Rule
Severity: Medium
Enable the OpenSSH Service
1
Rule
Severity: Medium
Ensure IngressController is configured to use secure tlsSecurityProfile
1
Rule
Severity: Medium
Ensure custom tlsSecurityProfile configured for IngressController uses secure TLS version
1
Rule
Severity: Medium
Ensure IngressController is not configured to use Old tlsSecurityProfile
1
Rule
Severity: Medium
Ensure that all OpenShift Routes prefer TLS
1
Rule
Severity: Medium
Ensure that the bind-address parameter is not used
1
Rule
Severity: Medium
Deactivate Wireless Network Interfaces
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules