Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- FedRAMP_Moderate
- security-pm

Story Points:
2
Blocked:
False
Ready:
False
Epic Link:
CMP-888
Feature Link:
OCPPLAN-6104 - FedRAMP moderate controls
Release Note Text:
Undefined
Market:

Sprint:
CMP Sprint 31, CMP Sprint 32, CMP Sprint 33

SFDC Cases Links:
SFDC Cases Counter:

AU-4 wants:

“The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].”

This is normally achieved by a separate partition for /var/log. We don't seem to have such rule for RHCOS (the rules are there but they are commented out).

Acceptance criteria:

test out the partitioning (https://docs.openshift.com/container-platform/4.7/installing/installing_platform_agnostic/installing-platform-agnostic.html#installation-user-infra-machines-advanced_vardisk_installing-platform-agnostic)
create a CaC rule that checks if /var/log, /var/log/audit, /var/log/kube-apiserver, /var/log/openshift-apiservre and /var/log/oauth-apiserver are on separate partitions (this might be an overkill? Could we get away with just /var/log?)

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

99-var-log-partition.yaml
0.8 kB
2021/07/01 8:48 PM

Assignee:: Jakub Hrozek

Reporter:: Jakub Hrozek

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021/05/18 12:40 PM

Updated:: 2022/03/15 5:14 PM

Resolved:: 2021/07/26 8:49 PM

Details

Description

Attachments

Attachments

Activity

People

Dates