NIST 800-53 Moderate-Impact Baseline for Red Hat OpenShift - Platform level
Rules and Groups employed by this XCCDF Profile
-
Configure the Service Account Private Key for the Controller Manager
To ensure the API Server utilizes its own key pair, set the <code>privateKeyFile</code> parameter to the public key file for service accounts in the <code>openshift-kube-controller-manager</code> c...Rule Medium Severity -
Ensure that use-service-account-credentials is enabled
To ensure individual service account credentials are used, set the <code>use-service-account-credentials</code> option to <code>true</code> in the <code>openshift-kube-controller-manager</code> con...Rule Medium Severity -
OpenShift etcd Settings
Contains rules that check correct OpenShift etcd settings.Group -
Disable etcd Self-Signed Certificates
To ensure the <code>etcd</code> service is not using self-signed certificates, run the following command: <pre>$ oc get cm/etcd-pod -n openshift-etcd -o yaml</pre> The etcd pod configuration contai...Rule Medium Severity -
Ensure That The etcd Client Certificate Is Correctly Set
To ensure the etcd service is serving TLS to clients, make sure the <code>etcd-pod*</code> ConfigMaps in the <code>openshift-etcd</code> namespace contain the following argument for the <code>etcd<...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules