Skip to content

OpenShift must prevent unauthorized changes to logon UIDs.

An XCCDF Rule

Description

<VulnDiscussion>Logon UIDs are used to uniquely identify and authenticate users within the system. By preventing unauthorized changes to logon UIDs, OpenShift ensures that user identities remain consistent and accurate. This helps maintain the integrity of user accounts and ensures that users can be properly authenticated and authorized for their respective resources and actions. User accounts and associated logon UIDs are important for security monitoring, auditing, and accountability purposes. By preventing unauthorized changes to logon UIDs, OpenShift ensures that actions performed by users can be accurately traced and attributed to the correct user account. This helps with incident investigation, compliance requirements, and maintaining overall system security.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-257534r960939_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Apply the machine config to prevent changes to logon UIDs by executing the following:

for mcpool in $(oc get mcp -oname | sed "s:.*/::" ); do
 echo "apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata: