Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Use Strong Cryptographic Ciphers on the API Server
To ensure that the API Server is configured to only use strong cryptographic ciphers, verify the <code>openshift-kube-apiserver</code> configmap contains the following set of ciphers, with no addit...Rule Medium Severity -
Configure the Certificate Key for the API Server
To ensure the API Server utilizes its own TLS certificates, the <code>tls-private-key-file</code> must be configured. Verify that the <code>apiServerArguments</code> section has the <code>tls-priva...Rule Medium Severity -
Ensure custom tlsSecurityProfile configured for APIServer uses secure TLS version
The configuration <code>tlsSecurityProfile</code> specifies TLS configurations to be used while establishing connections with the externally exposed servers. Though secure transport mode is used fo...Rule Medium Severity -
Ensure APIServer is not configured with Old tlsSecurityProfile
The configuration <code>tlsSecurityProfile</code> specifies TLS configurations to be used while establishing connections with the externally exposed servers. Though secure transport mode is used fo...Rule Medium Severity -
Ensure that Audit Log Webhook Is Configured
Audit is on by default and the best practice is to ship audit logs off an cluster for retention. HyperShift is able to do this with the a audit webhook, which is configured in the HostedCluster cus...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules