Takuya Mishina

implement section 5 rules of CIS Benchmark for OpenShift with "count" function

6

## Which products and profiles does the rule apply to? - Red Hat OpenShift ## Describe the configuration setting enforced by this rule. Rules in section 5 of [CIS Benchmark...

check for makeIPTablesUtilChains does not reflect benchmark and product description

2

#### Description of problem: - Rule `kubelet_enable_iptables_util_chains` of openshift ([link](https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/kubelet/kubelet_enable_iptables_util_chains/rule.yml)) checks existence of `.makeIPTablesUtilChains` and its value should be `true` ``` template: name: yamlfile_value vars: filepath: {{{ kubeletconf_path }}} yamlpath:...

new feature: cluster list/resource fetcher

4

## Overview Kubernetes resources (e.g., `kubectl get pod`) can be used as evidence. For example, `spec` of `Pod`, custom resource of an operator, and `ConfigMap` shows whether applications (pod) and...

new feature: check for compliance operator result

4

## Overview [Compliance Operator](https://github.com/openshift/compliance-operator) is a tool to validate that a cluster infrastructure complies with standard such as NIST SP 800-53, HIPAA or CIS Benchmark. It performs `openscap` command, and...