Watson Yuuma Sato
#### Description: - `4.1` is not applicable. Documentation and processes are not created and maintained in OpenShift. - `4.2` is partially applicable. While OCP uses and can provide...
* With `HostNetwork: true` the sysctl `net.core.bpf_jit_harden` becomes visible to the `scanner` container. Below is a pod that has access to the sysctls: ```yaml apiVersion: v1 kind: Pod metadata: name:...
#### Description: - Adjust how `utils/add_kubernetes_rule.py` determines the resource's `filepath`. - Let's use the last GET attempt instead of the first one. In some cases `oc` makes multiple requests. ```...
#### Description: - Removes `ocp4` rule from `pcidss_4.yml`. Rule `audit_profile_set` is an OCP4, and it was breaking auto referencing in `pcidss_4_ocp4.yml` - Adds auto referencing to `pcidss_4_ocp4.yml`. - Add capability...
#### Description: - Add new profiles for OCP4 STIG V2R1. - Note: Aiming for a better alignment with the STIG Benchmark, rules from `SRG-APP-000516-CTR-001325` are not selected anymore. - Update...
This adds BSI to the standards annotation: `policies.open-cluster-management.io/standards: BSI` And adds the requirement number to the following annotations: - `control.compliance.openshift.io/BSI` - `policies.open-cluster-management.io/controls` For example: `$ oc get rule upstream-ocp4-kubeadmin-removed -oyaml`...