Ensure that Advanced Cluster Security (ACS) Sensor is deployed

An XCCDF Rule

Description

Red Hat Advanced Cluster Security (ACS) for Kubernetes provides comprehensive security for containerized environments. It offers deep visibility into deployed resources across Kubernetes clusters, enabling teams to detect vulnerabilities in all images, manage compliance, and enforce security policies. By integrating ACS into the Kubernetes environment, organizations can automate security checks and configurations, ensuring that every deployed application is scanned and secured according to best practices and organizational policies.

Sensor is the service responsible for analyzing and monitoring the cluster. Sensor listens to the OpenShift Container Platform or Kubernetes API and Collector events to report the current state of the cluster. Sensor also triggers deploy-time and runtime violations based on RHACS Cloud Service policies. In addition, Sensor is responsible for all cluster interactions, such as applying network policies, initiating reprocessing of RHACS Cloud Service policies, and interacting with the Admission controller.

Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API and retrieve the following:
  • /apis/apps/v1/deployments?limit=500 API endpoint, filtered with the jq utility using the filter [ .items[] | select(.metadata.name == "sensor" and .metadata.labels["app.kubernetes.io/name"] == "stackrox") | .status.availableReplicas] and persisted to the local /apis/apps/v1/deployments?limit=500#f20d93efbeb5738d942f1a5361ac8e231e84518dfc252ab8fd7bd0121b6de53f file.
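The following added example (not part of the rule content or of the ACS project) reproduces the jq filter above in Python over constructed deployment dumps, so the filtered result can be inspected offline. The sample data, the function names, and the pass criterion in sensor_deployed (at least one matching Deployment with one or more available replicas) are assumptions; the page does not state how the persisted value is evaluated.

```python
import json

# Constructed /apis/apps/v1/deployments responses (not real cluster data).
HEALTHY_DUMP = {"items": [
    {"metadata": {"name": "sensor", "namespace": "stackrox",
                  "labels": {"app.kubernetes.io/name": "stackrox"}},
     "status": {"availableReplicas": 1}},
    # Same name but without the stackrox label: the filter must ignore it.
    {"metadata": {"name": "sensor", "namespace": "demo",
                  "labels": {"app": "sensor"}},
     "status": {"availableReplicas": 3}},
    {"metadata": {"name": "central", "namespace": "stackrox",
                  "labels": {"app.kubernetes.io/name": "stackrox"}},
     "status": {"availableReplicas": 1}},
]}

# Sensor exists but has no ready pods. The API omits availableReplicas when
# it is zero, so jq emits null for this item rather than 0.
DEGRADED_DUMP = {"items": [
    {"metadata": {"name": "sensor", "namespace": "stackrox",
                  "labels": {"app.kubernetes.io/name": "stackrox"}},
     "status": {"replicas": 1, "unavailableReplicas": 1}},
]}


def sensor_available_replicas(dump):
    """Mirror of: [ .items[] | select(.metadata.name == "sensor" and
    .metadata.labels["app.kubernetes.io/name"] == "stackrox")
    | .status.availableReplicas ]"""
    result = []
    for item in dump.get("items") or []:
        meta = item.get("metadata") or {}
        labels = meta.get("labels") or {}
        if (meta.get("name") == "sensor"
                and labels.get("app.kubernetes.io/name") == "stackrox"):
            # A missing field becomes None, matching jq's null.
            result.append((item.get("status") or {}).get("availableReplicas"))
    return result


def sensor_deployed(dump):
    """Assumed pass criterion: some matching Deployment has >= 1 available replica."""
    return any(isinstance(n, int) and n > 0
               for n in sensor_available_replicas(dump))


if __name__ == "__main__":
    for label, dump in (("healthy", HEALTHY_DUMP), ("degraded", DEGRADED_DUMP)):
        print(label, json.dumps(sensor_available_replicas(dump)),
              sensor_deployed(dump))
```

An empty array means no Deployment matched the name and label at all, while an array containing null means Sensor is present but has no available replicas; the two cases call for different remediation.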

Rationale

ACS provides a method to continuously monitor and protect the Kubernetes environment against vulnerabilities and misconfigurations. This ensures that the infrastructure and applications are compliant with security standards and regulations, reducing the risk of security breaches.

ID
xccdf_org.ssgproject.content_rule_acs_sensor_exists
Severity
Medium