Details
Feature Request
Resolution: Done
Description
1. Compliance Operator CIS Benchmark conflict
2. The OpenShift Compliance Operator includes a CIS Benchmark rule set that enforces the OpenSCAP CIS OpenShift 4 Benchmark, which includes Kubernetes CIS Benchmark 5.1.3. Defining OperatorGroups intentionally creates ClusterRoles with wildcards, which violates one of the rules.
3. Customers using the CIS Benchmark to harden their OpenShift clusters will see RBAC policies with wildcard verbs ("*"), in violation of the ocp4-cis-rbac-wildcard-use rule.
4. Compliance Operator profiles
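
An added example, not part of the original request and not the Compliance Operator's own check: a small audit that lists wildcard entries in ClusterRole rules so operator-generated roles can be reviewed separately from the rest. It goes slightly beyond the wildcard verbs mentioned above by also checking resources and apiGroups. The sample input, role names and the `example.com/owner-kind` label are constructed assumptions; substitute whatever label your cluster actually applies.

```python
import json

# Constructed sample in the shape of `oc get clusterroles -o json`; all names
# and labels below are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-og-admin",
                "labels": {"example.com/owner-kind": "OperatorGroup"}},
   "rules": [{"apiGroups": ["example.com"], "resources": ["widgets"], "verbs": ["*"]}]},
  {"metadata": {"name": "widget-viewer"},
   "rules": [{"apiGroups": ["example.com"], "resources": ["widgets"],
              "verbs": ["get", "list", "watch"]}]},
  {"metadata": {"name": "aggregated-empty"}, "rules": null},
  {"metadata": {"name": "all-resources"},
   "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["get"]},
             {"nonResourceURLs": ["/healthz"], "verbs": ["get"]}]}
]}
""")

WILDCARD = "*"
FIELDS = ("verbs", "resources", "apiGroups")


def wildcard_findings(role_list):
    """Return (role name, rule index, field) for every wildcard in a rule."""
    findings = []
    for role in role_list.get("items", []):
        name = role["metadata"]["name"]
        # Aggregated ClusterRoles can have rules set to null.
        for idx, rule in enumerate(role.get("rules") or []):
            for field in FIELDS:
                if WILDCARD in (rule.get(field) or []):
                    findings.append((name, idx, field))
    return findings


def split_by_label(role_list, findings, key, value):
    """Separate findings on roles carrying label key=value from the rest."""
    labelled = {r["metadata"]["name"] for r in role_list.get("items", [])
                if (r["metadata"].get("labels") or {}).get(key) == value}
    tagged = [f for f in findings if f[0] in labelled]
    other = [f for f in findings if f[0] not in labelled]
    return tagged, other


if __name__ == "__main__":
    found = wildcard_findings(SAMPLE)
    tagged, other = split_by_label(SAMPLE, found, "example.com/owner-kind", "OperatorGroup")
    print("operator-generated:", tagged)
    print("needs review:", other)
```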