The OpenShift connector enables you to collect data from Docker Containers, Docker Hosts & Docker Daemons and evaluate Docker content against the Center for Internet Security (CIS) Docker 1.12 Benchmark. This policy is created based on the recommended Docker Host, Docker Container, and Docker Daemon settings defined by CIS Docker 1.12.0 Benchmark Version 1.0.0, published on September 15th, 2016. This also supports CIS Docker 1.13.0 Benchmark Version 1.0.0, published on January 19th, 2017.

In addition, the OpenShift connector enables you to collect data from OpenShift Master & OpenShift Workers and evaluate OpenShift content against the Kubernetes CIS benchmark & OpenShift best practices. BMC OpenShift Benchmark - Master & Worker policies are available as out-of-the-box content. Using these policies, you can evaluate OpenShift Master & OpenShift Workers against the BMC security benchmark for OpenShift clusters. These policies cover security recommendations that you should follow to prepare the host or cluster that you plan to use for executing containerized workloads. Securing the Docker host and OpenShift clustered environments and following your infrastructure security best practices helps build a solid and secure foundation for executing containerized workloads.

The OpenShift connector enables you to collect:

- Docker data (Docker Host, Docker Container, and Docker Daemon)
- OpenShift data (OpenShift Master & OpenShift Worker)

The following resources consume a product license:

Ensure that the computer on which the connector is downloaded meets the following prerequisites:

- Ensure that the computer on which the connector is downloaded has Java OpenJDK 11.0.2 installed on it.
- This release supports CIS Docker 1.12.0 and 1.13.0.
- The OS on the Docker host must be Ubuntu 16, Red Hat Enterprise Linux 7, or CentOS 7.
- For this release, we support OKD 3.11 on CentOS 7.
- The HTTPS port (default 443) is open for outbound connectivity to the internet.
SCAP Security Guide implements security guidance recommended by respected authorities, namely PCI DSS, STIG, and USGCB. SCAP Security Guide transforms this guidance into a machine-readable format which can then be used by OpenSCAP to audit your system. SCAP Security Guide builds multiple security baselines from a single body of high-quality SCAP content. The DISA STIG for RHEL 6, which provides required settings for US Department of Defense systems, is one example of a baseline created from this guidance. If your systems must comply with these baselines, you simply select the appropriate profile from SCAP Security Guide. Security policies in SCAP Security Guide are available for various operating systems and other software: Fedora, Red Hat Enterprise Linux, Mozilla Firefox and others.

Using SCAP Security Guide in the OpenSCAP scanner

You can use the content with the oscap tool. It is the command-line interface of the OpenSCAP scanner. Its purpose is to scan the local machine. A concrete security policy is selected by choosing a profile. You can display all available profiles by running the info command on the datastream, as in this example:

    # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

If you need help with choosing a profile, see the Choosing Policy section.

    # oscap xccdf eval --profile selected_profile --results-arf arf.xml --report report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml

Replace selected_profile with a profile of your choice. After evaluation, the arf.xml file will contain all results in a reusable Result DataStream format, and report.html will contain a dynamic, human-readable report that can be opened in a browser.

For more detailed information about how to use this command-line tool, see the respective documentation for OpenSCAP base.
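The arf.xml file written by the oscap xccdf eval command above can also be summarized programmatically, for example to track failing rules between scans. The following is an added example, not part of the original page or of the OpenSCAP project: the sample XML is constructed and heavily trimmed, the rule ids are placeholders, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed, heavily trimmed sample in the shape of an ARF file: XCCDF
# rule-result elements nested in an asset-report-collection. Rule ids are placeholders.
SAMPLE_ARF = """
<arf:asset-report-collection
    xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1">
  <arf:reports><arf:report id="xccdf1"><arf:content>
    <TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="demo">
      <rule-result idref="xccdf_org.example_rule_a" severity="high">
        <result>fail</result></rule-result>
      <rule-result idref="xccdf_org.example_rule_b" severity="low">
        <result>pass</result></rule-result>
      <rule-result idref="xccdf_org.example_rule_c" severity="medium">
        <result>notselected</result></rule-result>
      <rule-result idref="xccdf_org.example_rule_d" severity="medium">
        <result>error</result></rule-result>
    </TestResult>
  </arf:content></arf:report></arf:reports>
</arf:asset-report-collection>
"""

def local(tag):
    """Strip the '{namespace}' prefix so any XCCDF namespace version matches."""
    return tag.rsplit("}", 1)[-1]

def summarize(arf_xml):
    """Return (Counter of result values, [(rule id, severity, result)] needing review)."""
    counts, attention = Counter(), []
    for el in ET.fromstring(arf_xml).iter():
        if local(el.tag) != "rule-result":
            continue
        # A rule-result with no <result> child is counted as "unknown".
        result = next(((c.text or "").strip() for c in el
                       if local(c.tag) == "result"), "unknown")
        counts[result] += 1
        # fail/error/unknown are the outcomes that are not a clean pass or a skip.
        if result in ("fail", "error", "unknown"):
            attention.append((el.get("idref"), el.get("severity", "unknown"), result))
    return counts, attention

if __name__ == "__main__":
    # Usage: python script.py arf.xml  (falls back to the constructed sample)
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ARF
    counts, attention = summarize(xml_text)
    print(dict(counts))
    for rule_id, severity, result in attention:
        print(f"{result:8} {severity:8} {rule_id}")
```
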
SCAP Security Guide is a security policy written in the form of SCAP documents. The security policy created in SCAP Security Guide covers many areas of computer security and provides best-practice solutions. The guide consists of rules with very detailed descriptions and also includes proven remediation scripts, optimized for target systems. SCAP Security Guide, together with OpenSCAP tools, can be used for auditing your system in an automated way.