Enable AutoApplyRemediation for at least One ScanSetting
An XCCDF Rule
Description
The Compliance Operator scans the hosts and the platform (OCP) configurations for software flaws and improper configurations according to different compliance benchmarks. Compliance Operator allows its scans to automatically apply remediations for failed rules, if such remediations exist. Applying remediations automatically should only be done with careful consideration. The Compliance Operator does not automatically resolve dependency issues that can occur between remediations. Users should perform a rescan after remediations are applied to ensure accurate results.
warning alert: Warning
This rule's check operates on the cluster configuration dump.
Therefore, you need to use a tool that can query the OCP API, retrieve the
/apis/compliance.openshift.io/v1alpha1/scansettings API endpoint to the local Rationale
With enabled AutoApplyRemediation compliance failures get automatically corrected.
- ID
- xccdf_org.ssgproject.content_rule_scansetting_has_autoapplyremediations
- Severity
- Medium
- References
- Updated