Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Namespaces exempt of Statefulset Resource Limit

    Namespaces regular expression explicitly allowed through statefulset resource filters, e.g. setting value to "namespace1|namespace2" will exempt namespace "namespace1" and "namespace2" for stateful...
    Value
  • Ensure that Advanced Cluster Security (ACS) Sensor is deployed

    Red Hat Advanced Cluster Security (ACS) for Kubernetes provides comprehensive security for containerized environments. It offers deep visibility into deployed resources across Kubernetes clusters, ...
    Rule Medium Severity
  • Ensure that a OpenShift OAuth login template or a classification banner is set

    A legal notice must be configured. This is achievable via the OAuth object by creating a custom login page, storing it in a Kubernetes Secret and referencing it in the appropriate field as <a...
    Rule Medium Severity
  • A Backup Solution Has To Be Installed

    Backup and restore are fundamental practices when it comes to disaster recovery. By utilizing backup software, you are able to back up (and restore) data, which is lost if your cluster crashes bey...
    Rule Medium Severity
  • Manage Image Provenance Using ImagePolicyWebhook

    OpenShift administrators can control which images can be imported, tagged, and run in a cluster. There are two facilities for this purpose: (1) Allowed Registries, allowing administrators to restri...
    Rule Medium Severity
