  1. Cloud Infrastructure Security & Compliance
  2. CMP-1906

Compliance Operator CIS Benchmark conflict

Details

    • Feature Request
    • Resolution: Done

    Description

      1. Compliance Operator CIS Benchmark conflict

      2. The OpenShift Compliance Operator includes a CIS Benchmark rule set that enforces the OpenSCAP CIS OpenShift 4 Benchmark, which includes Kubernetes CIS Benchmark 5.1.3. Defining OperatorGroups intentionally creates ClusterRoles with wildcards, which violates one of the rules.

      3. Customers using the CIS Benchmark to harden their OpenShift clusters will see RBAC policies with wildcard verbs ("*"), in violation of the ocp4-cis-rbac-wildcard-use rule.

      4. Compliance Operator profiles
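
A triage helper for the conflict described above, added here as an example and not part of the issue or of the Compliance Operator: it lists ClusterRole rules that contain "*" in `oc get clusterroles -o json` output and separates roles already reviewed from the rest. It checks apiGroups and resources as well as the wildcard verbs the description names; the sample data, the role names and the `reviewed` allowlist are constructed assumptions.

```python
import json

# Constructed sample shaped like `oc get clusterroles -o json`; every name is made up.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-og-admin"},
   "rules": [{"apiGroups": ["example.com"], "resources": ["widgets"], "verbs": ["*"]}]},
  {"metadata": {"name": "example-viewer"},
   "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
  {"metadata": {"name": "example-aggregate"}, "rules": null},
  {"metadata": {"name": "example-broad"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get"]},
             {"nonResourceURLs": ["/healthz"], "verbs": ["get"]}]}
]}
""")

CHECKED_FIELDS = ("apiGroups", "resources", "verbs")


def wildcard_findings(role_list):
    """Return (role, rule index, wildcard fields) for every rule containing "*"."""
    findings = []
    for role in role_list.get("items", []):
        name = role["metadata"]["name"]
        # A role may have no rules (null), e.g. an aggregated role not yet populated.
        for idx, rule in enumerate(role.get("rules") or []):
            hit = [f for f in CHECKED_FIELDS if "*" in (rule.get(f) or [])]
            if hit:
                findings.append((name, idx, hit))
    return findings


def triage(role_list, reviewed):
    """Split findings into roles already reviewed (by name) and roles still open."""
    accepted, unreviewed = [], []
    for finding in wildcard_findings(role_list):
        (accepted if finding[0] in reviewed else unreviewed).append(finding)
    return accepted, unreviewed


if __name__ == "__main__":
    # Assumption: the operator-generated role has been reviewed and accepted.
    accepted, unreviewed = triage(SAMPLE, reviewed={"example-og-admin"})
    for label, rows in (("accepted", accepted), ("needs review", unreviewed)):
        for name, idx, fields in rows:
            print(f"{label}: {name} rule[{idx}] wildcard in {', '.join(fields)}")
```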

            People

              dcaspin@redhat.com Doron Caspin
              jstonika@redhat.com William Stonikas