Skip to content
Log In

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000504-CTR-001280

    Group
    Show

  • Red Hat Enterprise Linux CoreOS (RHCOS) must be configured to audit the loading and unloading of dynamic kernel modules.

    By generating audit logs for the loading and unloading of dynamic kernel modules, OpenShift enables administrators and security teams to track and investigate any unauthorized or suspicious changes...
    Rule Medium Severity
    Show

  • SRG-APP-000505-CTR-001285

    Group
    Show

  • OpenShift audit records must record user access start and end times.

    OpenShift must generate audit records showing start and end times for users and services acting on behalf of a user accessing the registry and keystore. These components must use the same standard ...
    Rule Medium Severity
    Show

  • SRG-APP-000506-CTR-001290

    Group
    Show

  • OpenShift must generate audit records when concurrent logons from different workstations and systems occur.

    OpenShift and its components must generate audit records for concurrent logons from workstations perform remote maintenance, runtime instances, connectivity to the container registry, and keystore....
    Rule Medium Severity
    Show

  • SRG-APP-000141-CTR-000315

    Group
    Show

  • Red Hat Enterprise Linux CoreOS (RHCOS) must disable SSHD service.

    Any direct remote access to the RHCOS nodes is not allowed. RHCOS is a single-purpose container operating system and is only supported as a component of the OpenShift Container Platform. Remote man...
    Rule High Severity
    Show

  • SRG-APP-000141-CTR-000315

    Group
    Show

  • Red Hat Enterprise Linux CoreOS (RHCOS) must disable USB Storage kernel module.

    Disabling the USB Storage kernel module helps protect against potential data exfiltration or unauthorized access to sensitive data. USB storage devices can be used to transfer data in and out of th...
    Rule Medium Severity
    Show

  • SRG-APP-000141-CTR-000315

    Group
    Show

  • Red Hat Enterprise Linux CoreOS (RHCOS) must use USBGuard for hosts that include a USB Controller.

    USBGuard adds an extra layer of security to the overall OpenShift infrastructure. It provides an additional control mechanism to prevent potential security threats originating from USB devices. By ...
    Rule Medium Severity
    Show

  • SRG-APP-000516-CTR-001335

    Group
    Show

  • OpenShift must continuously scan components, containers, and images for vulnerabilities.

    Finding vulnerabilities quickly within the container platform and within containers deployed within the platform is important to keep the overall platform secure. When a vulnerability within a comp...
    Rule Medium Severity
    Show

  • SRG-APP-000610-CTR-001385

    Group
    Show

  • OpenShift must use FIPS-validated SHA-2 or higher hash function for digital signature generation and verification (nonlegacy use).

    Using a FIPS-validated SHA-2 or higher hash function for digital signature generation and verification in OpenShift ensures strong cryptographic security, compliance with industry standards, and pr...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules