Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
An XCCDF Rule
Description
RBAC Integration and Authn/Authz

Centralized authentication services provide additional functionality fulfilling security requirements:
- Multi-factor authentication, which is compatible with Rancher MCM.
- Disabling users after a period of time.
- Storage and transmission of secure information is encrypted.
- Secure authentication protocols such as LDAP over TLS, or LDAPS using FIPS 140-2 approved encryption modules.
- PKI based authentication.

Rancher MCM can integrate with external centralized authentication but does not offer a native solution. The authentication mechanism needs to be initially enabled and configured. The proxy authenticates users and forwards their requests to Kubernetes clusters using a service account.

Satisfies: SRG-APP-000023-CTR-000055, SRG-APP-000024-CTR-000060, SRG-APP-000027-CTR-000075, SRG-APP-000029-CTR-000085, SRG-APP-000033-CTR-000095, SRG-APP-000038-CTR-000105, SRG-APP-000065-CTR-000115, SRG-APP-000099-CTR-000190, SRG-APP-000111-CTR-000220, SRG-APP-000118-CTR-000240, SRG-APP-000119-CTR-000245, SRG-APP-000120-CTR-000250, SRG-APP-000121-CTR-000255, SRG-APP-000122-CTR-000260, SRG-APP-000123-CTR-000265, SRG-APP-000126-CTR-000275, SRG-APP-000133-CTR-000310, SRG-APP-000148-CTR-000335, SRG-APP-000148-CTR-000340, SRG-APP-000148-CTR-000345, SRG-APP-000148-CTR-000350, SRG-APP-000149-CTR-000355, SRG-APP-000150-CTR-000360, SRG-APP-000156-CTR-000380, SRG-APP-000163-CTR-000395, SRG-APP-000164-CTR-000400, SRG-APP-000165-CTR-000405, SRG-APP-000166-CTR-000410, SRG-APP-000167-CTR-000415, SRG-APP-000168-CTR-000420, SRG-APP-000169-CTR-000425, SRG-APP-000170-CTR-000430, SRG-APP-000171-CTR-000435, SRG-APP-000172-CTR-000440, SRG-APP-000173-CTR-000445, SRG-APP-000174-CTR-000450, SRG-APP-000177-CTR-000465, SRG-APP-000178-CTR-000470, SRG-APP-000243-CTR-000595, SRG-APP-000317-CTR-000735, SRG-APP-000340-CTR-000770, SRG-APP-000345-CTR-000785, SRG-APP-000378-CTR-000880, SRG-APP-000378-CTR-000885, SRG-APP-000378-CTR-000890, SRG-APP-000380-CTR-000900, SRG-APP-000381-CTR-000905, SRG-APP-000384-CTR-000915, SRG-APP-000319-CTR-000745
- ID: SV-252843r1015788_rule
- Version: CNTR-RM-000030
- Severity: High
- References:
CCI-000015
CCI-000016
CCI-000044
CCI-000134
CCI-000154
CCI-000162
CCI-000163
CCI-000164
CCI-000187
CCI-000192
CCI-000193
CCI-000194
CCI-000195
CCI-000196
CCI-000197
CCI-000198
CCI-000199
CCI-000205
CCI-000206
CCI-000213
CCI-000764
CCI-000765
CCI-000766
CCI-000795
CCI-001090
CCI-001350
CCI-001368
CCI-001403
CCI-001493
CCI-001494
CCI-001495
CCI-001499
CCI-001619
CCI-001764
CCI-001812
CCI-001813
CCI-001814
CCI-001941
CCI-002142
CCI-002235
CCI-002238
CCI-003627
CCI-003938
CCI-003980
CCI-004045
CCI-004061
CCI-004062
CCI-004066
- Updated
Remediation Templates
A Manual Procedure
RBAC Integration and Authn/Authz
Navigate to Triple Bar Symbol (Global) >> Users & Authentication >> Auth Provider.
From this screen, the authentication mechanism can be selected and configured.