Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.12.0
Component/s: Compliance Operator
Labels:
None

Regression:
No
Epic Link:
co-1.1.0-bugs
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:
The scheduler-no-bind-address rule has been disabled on newer versions of OpenShift since the parameter was removed.

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

A new install of OpenShift with the current OpenShift compliance operator installs fails on the `scheduler-no-bind-address` Compliance Rule.

This rule checks to ensure there is no external access to the OpenShift Scheduler and fails, however the port which is reviewed is not inuse.

Version-Release number of selected component (if applicable):


OpenShift: 4.12.0
OpenShift Compliance: 0.1.61

How reproducible:

Everytime

Steps to Reproduce:

1. Install a new cluster
2. Install Compliance Operator
3. Run a CIS test

Actual results:

The `scheduler-no-bind-address` rule fails.

Expected results:

The `scheduler-no-bind-address` should pass

Additional info:

The port `10251` is no longer used by OpenShift so this shouldn't fail as a security issue. It was replaced with port `10259`, which is intended to be a secure port.

Attachments

Issue Links

links to

pull request

mentioned on

Merge request - Updated US source to: 30f8329 fix: bash_ensure_mount_option_in_fstab/doc: param must start line, add types

Merge request - Updated US source to: 9668d7f Merge pull request #10675 from jhrozek/gid_regression

Activity

People

Assignee:: Jakub Hrozek

Reporter:: Michael Washer

QA Contact:: Xiaojie Yuan

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023/03/06 3:39 AM

Updated:: 2023/07/13 12:48 AM

Resolved:: 2023/07/13 12:48 AM