Skip to content

Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000505-CTR-001285

    <GroupDescription></GroupDescription>
    Group
  • OpenShift audit records must record user access start and end times.

    &lt;VulnDiscussion&gt;OpenShift must generate audit records showing start and end times for users and services acting on behalf of a user accessing...
    Rule Medium Severity
  • SRG-APP-000506-CTR-001290

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must generate audit records when concurrent logons from different workstations and systems occur.

    &lt;VulnDiscussion&gt;OpenShift and its components must generate audit records for concurrent logons from workstations perform remote maintenance, ...
    Rule Medium Severity
  • SRG-APP-000141-CTR-000315

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must disable SSHD service.

    &lt;VulnDiscussion&gt;Any direct remote access to the RHCOS nodes is not allowed. RHCOS is a single-purpose container operating system and is only ...
    Rule High Severity
  • SRG-APP-000141-CTR-000315

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must disable USB Storage kernel module.

    &lt;VulnDiscussion&gt;Disabling the USB Storage kernel module helps protect against potential data exfiltration or unauthorized access to sensitive...
    Rule Medium Severity
  • SRG-APP-000141-CTR-000315

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must use USBGuard for hosts that include a USB Controller.

    &lt;VulnDiscussion&gt;USBGuard adds an extra layer of security to the overall OpenShift infrastructure. It provides an additional control mechanism...
    Rule Medium Severity
  • SRG-APP-000516-CTR-001335

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must continuously scan components, containers, and images for vulnerabilities.

    &lt;VulnDiscussion&gt;Finding vulnerabilities quickly within the container platform and within containers deployed within the platform is important...
    Rule Medium Severity
  • SRG-APP-000610-CTR-001385

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must use FIPS-validated SHA-2 or higher hash function for digital signature generation and verification (nonlegacy use).

    &lt;VulnDiscussion&gt;Using a FIPS-validated SHA-2 or higher hash function for digital signature generation and verification in OpenShift ensures s...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules