
Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure IngressController is not configured to use Old tlsSecurityProfile

    The configuration tlsSecurityProfile specifies TLS configurations to be used while establishing connections with the externally exposed servers. Though secure transport mode is used fo...
    Rule Medium Severity
  • Ensure that project templates autocreate Network Policies

    Configure a template for newly created projects to use default network policies and make sure this template is referenced from the default project template. The OpenShift Container Platform API se...
    Rule Medium Severity
  • Ensure that project templates autocreate Network Policies

    Configure a template for newly created projects to use default network policies. For more information, follow https://docs.openshift.com/container-platform/latest/networking/network_policy...
    Rule Medium Severity
  • Ensure that all OpenShift Routes prefer TLS

    OpenShift Container Platform provides methods for communicating from outside the cluster with services running in the cluster. TLS must be used to protect these communications. OpenShift Routes pro...
    Rule Medium Severity
  • Configure OpenShift API Server Maximum Audit Log Size

    To rotate audit logs upon reaching a maximum size, edit the openshift-apiserver configmap and set the audit-log-maxsize parameter to an appropriate size in MB. For example...
    Rule Medium Severity
