
Ensure that File Integrity Operator is scanning the cluster

An XCCDF Rule

Description

The File Integrity Operator continually runs file integrity checks on the cluster nodes. It deploys a daemon set that initializes and runs privileged AIDE containers on each node, providing a status object with a log of files that are modified during the initial run of the daemon set pods.

Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API, retrieve the /apis/fileintegrity.openshift.io/v1alpha1/fileintegrities?limit=5 API endpoint, and save its response to the local /apis/fileintegrity.openshift.io/v1alpha1/fileintegrities?limit=5 file.
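As an added example (not part of this rule or of the ComplianceAsCode project), the following Python evaluates such a saved API response the way the rule does, passing only when at least one FileIntegrity object is listed; the sample response and the status.phase field it reports are assumptions about the operator's API shape.

```python
import json

# Constructed sample of the endpoint's response on a cluster with one
# FileIntegrity object (not captured from a real cluster). On a real cluster
# the dump would be saved with, for example:
#   oc get --raw '/apis/fileintegrity.openshift.io/v1alpha1/fileintegrities?limit=5' \
#     > fileintegrities.json
SAMPLE_DUMP = """
{
  "apiVersion": "fileintegrity.openshift.io/v1alpha1",
  "kind": "FileIntegrityList",
  "items": [
    {
      "metadata": {"name": "worker-fileintegrity",
                   "namespace": "openshift-file-integrity"},
      "spec": {"nodeSelector": {"node-role.kubernetes.io/worker": ""}},
      "status": {"phase": "Active"}
    }
  ]
}
"""

# Constructed response from a cluster where the operator is installed but no
# FileIntegrity object has been created: the rule must fail on this.
EMPTY_DUMP = ('{"apiVersion": "fileintegrity.openshift.io/v1alpha1", '
              '"kind": "FileIntegrityList", "items": []}')


def file_integrity_exists(dump_text):
    """Rule pass condition: the dump lists at least one FileIntegrity object."""
    dump = json.loads(dump_text)
    if dump.get("kind") != "FileIntegrityList":
        raise ValueError("not a FileIntegrityList response")
    return len(dump.get("items", [])) > 0


def scan_status(dump_text):
    """Return (namespace/name, phase) per object for a human-readable report.

    Assumes status.phase is populated (e.g. "Active"); reports "Unknown" if not.
    """
    rows = []
    for item in json.loads(dump_text).get("items", []):
        meta = item.get("metadata", {})
        name = f"{meta.get('namespace', '')}/{meta.get('name', '')}"
        rows.append((name, item.get("status", {}).get("phase", "Unknown")))
    return rows


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for name, phase in scan_status(text):
        print(f"{name}: {phase}")
    print("PASS" if file_integrity_exists(text) else "FAIL: no FileIntegrity objects")
```

Run it with the path to the saved dump as its only argument; without an argument it evaluates the constructed sample.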

Rationale

File integrity scanning is able to detect potential unauthorised access.

ID
xccdf_org.ssgproject.content_rule_file_integrity_exists
Severity
Medium
References
Updated