Ensure the notification is enabled for Compliance Operator

An XCCDF Rule

Description

The OpenShift platform provides the Compliance Operator for administrators to monitor compliance state of a cluster and provides them with an overview of gaps and ways to remediate them, and this control ensures proper notification alert is enabled for Compliance Operator so that system administrators and security personnel are notified about the alerts on compliance status.

warning alert: Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API, retrieve the following:

/apis/monitoring.coreos.com/v1/prometheusrules API endpoint, filter with with the jq utility using the following filter [.items[] | select(.metadata.name =="compliance") | .metadata.name] and persist it to the local /apis/monitoring.coreos.com/v1/prometheusrules#072ed9f332a070eff46523f9b3fed7228157202473b723cca2cc376c9def8a2b file.

Rationale

Compliance alert enables OpenShift administrators to be informed on the system compliance status

ID: xccdf_org.ssgproject.content_rule_compliance_notification_enabled
Severity: Medium
References: SI-4(24) SI-6

CCE-86032-0
Updated: about 1 year ago