Skip to content

Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure that the bind-address parameter is not used

    The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authenticatio...
    Rule Medium Severity
  • Ensure that the port parameter is zero

    The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authenticatio...
    Rule Medium Severity
  • Kubernetes Secrets Management

    Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Such information might otherwise be put in a...
    Group
  • Verify User Who Owns The Worker Kubeconfig File

    To properly set the owner of /var/lib/kubelet/kubeconfig, run the command:
    $ sudo chown root /var/lib/kubelet/kubeconfig 
    Rule Medium Severity
  • Consider external secret storage

    Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you have more complex secre...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules