Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Configure OAuth server so that tokens have a maximum age set
<p> You can configure OAuth tokens to have have a custom duration. By default, the tokens are valid for 24 hours (86400 seconds). </...Rule Medium Severity -
Kube controller manager config check - secure port
Kube controller manager config check - secure portValue -
Kube controller manager config check - service account CA
Kube controller manager config check - service account CAValue -
Kube controller manager config check - service account private key
Kube controller manager config check - service account private keyValue -
Kube controller manager config check - use service account
Kube controller manager config check - use service accountValue -
Configure which node to scan based on role
Configure which node to scan based on roleValue -
Configure OAuth clients so that tokens expire after a set period of inactivity
<p> You can configure OAuth tokens to expire after a set period of inactivity. By default, no token inactivity timeout is set. </p> ...Rule Medium Severity -
Configure OAuth clients so that tokens have a maximum age set
<p> You can configure OAuth tokens to have have a custom duration. By default, the tokens are valid for 24 hours (86400 seconds). </...Rule Medium Severity -
Do Not Use htpasswd-based IdP
<p> For users to interact with OpenShift Container Platform, they must first authenticate to the cluster. The authentication layer i...Rule Medium Severity -
Only Use LDAP-based IdPs with TLS
<p> For users to interact with OpenShift Container Platform, they must first authenticate to the cluster. The authentication layer i...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.