Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-57358

Compliance Operator - Add a section to inform that if enabling STIG profile - SSH will be disabled

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 3
    • Moderate
    • None
    • None
    • None
    • None
    • OSDOCS Sprint 274, OSDOCS Sprint 275
    • 2
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      
Please add a warning section to the Compliance Profiles docs below to inform admins that if the rule `rhcos4-service-sshd-disabled` will be remediated, the SSH to the nodes will be lost.

All affected profiles:

$ oc get profile -n openshift-compliance  -o json | jq -r '.items[] | select(.rules[] == "rhcos4-service-sshd-disabled") | .metadata.name'
rhcos4-high
rhcos4-high-rev-4
rhcos4-stig
rhcos4-stig-v1r1

The warning should say:

If profile contain the rule `rhcos4-service-sshd-disabled` then access to the master and worker nodes will be disabled. To workaround the issue, please run tailoredProfile with configuration to disable the rule if SSH access should be kept.

      Version-Release number of selected component (if applicable):

      Compliance Operator 
OCP - 4.14 -> 4.18

      How reproducible:

      Steps to Reproduce:

          1.
    2.
    3.

      Actual results:

      Expected results:

      Additional info:

              dfitzmau@redhat.com Darragh Fitzmaurice
              rhn-support-vwalek Vladislav Walek
              None
              None
              Xiaojie Yuan Xiaojie Yuan
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: