Skip to content

Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000496-CTR-001240

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must generate audit records when successful/unsuccessful attempts to modify security objects occur.

    &lt;VulnDiscussion&gt;OpenShift and its components must generate audit records when modifying security objects. All the components must use the sam...
    Rule Medium Severity
  • SRG-APP-000499-CTR-001255

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must generate audit records when successful/unsuccessful attempts to delete privileges occur.

    &lt;VulnDiscussion&gt;Audit records for unsuccessful attempts to delete privileges help in identifying unauthorized activities or potential attacks...
    Rule Medium Severity
  • SRG-APP-000501-CTR-001265

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must generate audit records when successful/unsuccessful attempts to delete security objects occur.

    &lt;VulnDiscussion&gt;By generating audit records for security object deletions, OpenShift enables administrators and security teams to track and i...
    Rule Medium Severity
  • SRG-APP-000503-CTR-001275

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must generate audit records when successful/unsuccessful logon attempts occur.

    &lt;VulnDiscussion&gt;Audit records provide valuable information for security monitoring and intrusion detection. By generating audit logs for logo...
    Rule Medium Severity
  • SRG-APP-000504-CTR-001280

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must be configured to audit the loading and unloading of dynamic kernel modules.

    &lt;VulnDiscussion&gt;By generating audit logs for the loading and unloading of dynamic kernel modules, OpenShift enables administrators and securi...
    Rule Medium Severity
  • SRG-APP-000505-CTR-001285

    <GroupDescription></GroupDescription>
    Group
  • OpenShift audit records must record user access start and end times.

    &lt;VulnDiscussion&gt;OpenShift must generate audit records showing start and end times for users and services acting on behalf of a user accessing...
    Rule Medium Severity
  • SRG-APP-000506-CTR-001290

    <GroupDescription></GroupDescription>
    Group
  • OpenShift must generate audit records when concurrent logons from different workstations and systems occur.

    &lt;VulnDiscussion&gt;OpenShift and its components must generate audit records for concurrent logons from workstations perform remote maintenance, ...
    Rule Medium Severity
  • SRG-APP-000141-CTR-000315

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must disable SSHD service.

    &lt;VulnDiscussion&gt;Any direct remote access to the RHCOS nodes is not allowed. RHCOS is a single-purpose container operating system and is only ...
    Rule High Severity
  • SRG-APP-000141-CTR-000315

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must disable USB Storage kernel module.

    &lt;VulnDiscussion&gt;Disabling the USB Storage kernel module helps protect against potential data exfiltration or unauthorized access to sensitive...
    Rule Medium Severity
  • SRG-APP-000141-CTR-000315

    <GroupDescription></GroupDescription>
    Group
  • Red Hat Enterprise Linux CoreOS (RHCOS) must use USBGuard for hosts that include a USB Controller.

    &lt;VulnDiscussion&gt;USBGuard adds an extra layer of security to the overall OpenShift infrastructure. It provides an additional control mechanism...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules