OpenShift must generate audit records when successful/unsuccessful attempts to modify privileges occur.

An XCCDF Rule

Description

Audit records provide a crucial source of information for security monitoring and incident response. By generating audit records for privilege modification attempts, OpenShift enables administrators and security teams to track and investigate any unauthorized or suspicious changes to privileges. These records serve as an essential source of evidence for detecting and responding to potential security incidents.

Audit records for unsuccessful attempts to modify privileges help in identifying unauthorized activities or potential attacks. If an unauthorized entity attempts to modify privileges, the audit records can serve as an early warning sign of a security threat. By monitoring and analyzing such records, administrators can detect and mitigate potential security breaches before they escalate.

Audit records play a vital role in forensic analysis and investigation. In the event of a security incident or suspected compromise, audit logs for privilege modifications provide valuable information for understanding the scope and impact of the incident.

Documentable: false

ID
SV-257575r921668_rule
Severity
Medium

Remediation - Manual Procedure

Apply the machine config that generates audit records when successful/unsuccessful attempts to modify privileges occur by executing the following:

for mcpool in $(oc get mcp -oname | sed "s:.*/::" ); do
echo "apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata: