Skip to content
Log In

Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000091-CTR-000160

    Group
    Show

  • OpenShift must generate audit records when successful/unsuccessful attempts to access privileges occur.

    OpenShift and its components must generate audit records when successful/unsuccessful attempts to access or delete security objects, security levels, and privileges occur. All the components must ...
    Rule Medium Severity
    Show

  • SRG-APP-000092-CTR-000165

    Group
    Show

  • Red Hat Enterprise Linux CoreOS (RHCOS) must initiate session audits at system startup.

    Initiating session audits at system startup allows for comprehensive monitoring of user activities and system events from the moment the system is powered on. Audit logs capture information about l...
    Rule High Severity
    Show

  • SRG-APP-000095-CTR-000170

    Group
    Show

  • All audit records must identify what type of event has occurred within OpenShift.

    Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues such as security incidents that...
    Rule Medium Severity
    Show

  • SRG-APP-000096-CTR-000175

    Group
    Show

  • OpenShift audit records must have a date and time association with all events.

    Within the container platform, audit data can be generated from any of the deployed container platform components. This audit data is important when there are issues, such as security incidents, th...
    Rule Medium Severity
    Show

  • SRG-APP-000099-CTR-000190

    Group
    Show

  • SRG-APP-000109-CTR-000215

    Group
    Show

  • SRG-APP-000111-CTR-000220

    Group
    Show

  • OpenShift components must provide the ability to send audit logs to a central enterprise repository for review and analysis.

    Sending audit logs to a central enterprise repository allows for centralized log management. Instead of scattered logs across multiple OpenShift components, having a centralized repository simplifi...
    Rule Medium Severity
    Show

  • SRG-APP-000116-CTR-000235

    Group
    Show

  • OpenShift must use internal system clocks to generate audit record time stamps.

    Knowing when a sequence of events for an incident occurred is crucial to understand what may have taken place. Without a common clock, the components generating audit events could be out of synchro...
    Rule Medium Severity
    Show

  • SRG-APP-000116-CTR-000235

    Group
    Show

  • SRG-APP-000118-CTR-000240

    Group
    Show

  • OpenShift must protect audit logs from any type of unauthorized access.

    If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In ...
    Rule Medium Severity
    Show

  • SRG-APP-000118-CTR-000240

    Group
    Show

  • OpenShift must protect system journal file from any type of unauthorized access by setting file permissions.

    It is a fundamental security practice to enforce the principle of least privilege, where only the necessary permissions are granted to authorized entities. OpenShift must protect the system journal...
    Rule Medium Severity
    Show

  • SRG-APP-000118-CTR-000240

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules