I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000505-CTR-001285
<GroupDescription></GroupDescription>Group -
OpenShift audit records must record user access start and end times.
<VulnDiscussion>OpenShift must generate audit records showing start and end times for users and services acting on behalf of a user accessing...Rule Medium Severity -
SRG-APP-000506-CTR-001290
<GroupDescription></GroupDescription>Group -
OpenShift must generate audit records when concurrent logons from different workstations and systems occur.
<VulnDiscussion>OpenShift and its components must generate audit records for concurrent logons from workstations perform remote maintenance, ...Rule Medium Severity -
SRG-APP-000141-CTR-000315
<GroupDescription></GroupDescription>Group -
Red Hat Enterprise Linux CoreOS (RHCOS) must disable SSHD service.
<VulnDiscussion>Any direct remote access to the RHCOS nodes is not allowed. RHCOS is a single-purpose container operating system and is only ...Rule High Severity -
SRG-APP-000141-CTR-000315
<GroupDescription></GroupDescription>Group -
Red Hat Enterprise Linux CoreOS (RHCOS) must disable USB Storage kernel module.
<VulnDiscussion>Disabling the USB Storage kernel module helps protect against potential data exfiltration or unauthorized access to sensitive...Rule Medium Severity -
SRG-APP-000141-CTR-000315
<GroupDescription></GroupDescription>Group -
Red Hat Enterprise Linux CoreOS (RHCOS) must use USBGuard for hosts that include a USB Controller.
<VulnDiscussion>USBGuard adds an extra layer of security to the overall OpenShift infrastructure. It provides an additional control mechanism...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.