Australian Cyber Security Centre (ACSC) Essential Eight
Rules and Groups employed by this XCCDF Profile
Kubernetes Settings
Each section of this configuration guide includes information about the configuration of a Kubernetes cluster and a set of recommendations for hard...
Group
OpenShift Kube API Server
This section contains recommendations for kube-apiserver configuration.
Group
Configure the Encryption Provider Cipher
When you enable etcd encryption, the following OpenShift API server and Kubernetes API server resources are encrypted: ...
Rule, Medium Severity
Use Strong Cryptographic Ciphers on the API Server
To ensure that the API Server is configured to only use strong cryptographic ciphers, verify the openshift-kube-apiserver configmap co...
Rule, Medium Severity
Authentication
In cloud workloads, there are many ways to create and configure multiple authentication services. Some of these authentication methods may not be...
Group
Do Not Use htpasswd-based IdP
For users to interact with OpenShift Container Platform, they must first authenticate to the cluster. The authentication layer i...
Rule, Medium Severity
Kubernetes - General Security Practices
Contains evaluations for general security practices for operating a Kubernetes environment.
Group
This is a helper rule to fetch the required api resource for detecting HyperShift OCP version
no description
Rule, Medium Severity
This is a helper rule to fetch the required api resource for detecting OCP version
no description
Rule, Medium Severity
Role-based Access Control
Role-based access control (RBAC) objects determine whether a user is allowed to perform a given action within a project. Cluster administrators ca...
Group