Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify User Who Owns the Worker Certificate Authority File
To properly set the owner of /etc/kubernetes/kubelet-ca.crt, run the command: $ sudo chown root /etc/kubernetes/kubelet-ca.crt
Rule Medium Severity -
Ensure that Compliance Operator is scanning the cluster
The Compliance Operator (https://docs.openshift.com/container-platform/latest/security/compliance_operator/compliance-operator-understanding.html#compliance-operator-understanding) scan...
Rule Medium Severity -
Ensure that Compliance Operator scans are running periodically
The Compliance Operator (https://docs.openshift.com/container-platform/latest/security/compliance_operator/compliance-operator-understanding.html#compliance-operator-understanding) scan...
Rule Medium Severity -
Security Context Constraints (SCC)
Similar to the way that RBAC resources control user access, administrators can use Security Context Constraints (SCCs) to control permissions for pods. These permissions include actions that a pod,...
Group -
Permitted SCCs with allowedCapabilities
A regular expression that lists all SCCs that are permitted to set the allowedCapabilities attribute
Value