Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Prevent Insecure Port Access

    By default, traffic for the OpenShift API server is served over HTTPS with authentication and authorization, and the secure API endpoint is bound to 0.0.0.0:8443. To ensure that the in...
    Rule Medium Severity
  • Configure the API Server Minimum Request Timeout

    The API server minimum request timeout defines the minimum number of seconds a handler must keep a request open before timing it out. To set this, edit the openshift-kube-apiserver con...
    Rule Medium Severity
  • Ensure APIServer is configured with secure tlsSecurityProfile

    The configuration tlsSecurityProfile specifies TLS configurations to be used while establishing connections with the externally exposed servers. Though secure transp...
    Rule Medium Severity
  • OAuth Token Maximum Age

    Enter OAuth Token Maximum Age Timeout
    Value
  • Configure An Identity Provider

    For users to interact with OpenShift Container Platform, they must first authenticate to the cluster. The authentication layer identifies the user associated with requests to the...
    Rule Medium Severity
