Skip to content

Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure no RoleBindings set for default Service Account

    Using the <code>default</code> service account prevents accurate application rights review and audit tracing. Instead of <code>default</code>, create a new and unique service account and associate ...
    Rule Medium Severity
  • Ensure Usage of Unique Service Accounts

    Using the <code>default</code> service account prevents accurate application rights review and audit tracing. Instead of <code>default</code>, create a new and unique service account with the follo...
    Rule Medium Severity
  • Enable the NodeRestriction Admission Control Plugin

    To limit the <code>Node</code> and <code>Pod</code> objects that a kubelet could modify, ensure that the <code>NodeRestriction</code> plugin on kubelets is enabled in the api-server configuration b...
    Rule Medium Severity
  • Enable the ServiceAccount Admission Control Plugin

    To ensure <code>ServiceAccount</code> objects must be created and granted before pod creation is allowed, follow the documentation and create <code>ServiceAccount</code> objects as per your environ...
    Rule Medium Severity
  • Ensure that anonymous requests to the API Server are authorized

    By default, anonymous access to the OpenShift API is enabled, but at the same time, all requests must be authorized. If no authentication mechanism is used, the request is assigned the <code>system...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules