Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure Eviction threshold Settings Are Set - evictionSoft: nodefs.inodesFree
<p>Two types of garbage collection are performed on an OpenShift Container Platform node:</p> <ul> <li>Container garbage collection: Removes terminated ...Rule Medium Severity -
Ensure that Audit Log Errors Emit Alerts
<p> OpenShift audit works at the API server level, logging all requests coming to the server. However, if API server instance is unable to write errors, an alert must be issued in order for the org...Rule High Severity -
Ensure that API server audit logging is enabled
OpenShift has the ability to audit API server requests. Audit provides a security-relevant chronological set of records documenting the sequence of activities that have affected system by individua...Rule Medium Severity -
Ensure that the cluster's audit profile is properly set
<p> OpenShift can audit the details of requests made to the API server through the standard Kubernetes audit capabilities. </p> <p> In OpenShift, auditing of the API S...Rule Medium Severity -
Ensure /var/log/kube-apiserver Located On Separate Partition
Kubernetes API server audit logs are stored in the <code>/var/log/kube-apiserver</code> directory. <p> Partitioning Red Hat CoreOS is a Day 1 operation and cannot be changed afterwards. For documen...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules