Add OCP4 STIG control file and auto-add references #11593

Merged: 29 commits, Mar 14, 2024
5168024
Add reference file for OCP4 STIG V1R1
yuumasato Feb 5, 2024
c792a28
SRG-APP-000516-CTR-001325 is not applicable
yuumasato Feb 15, 2024
c3c83c0
Move creation of env_yaml to main func
yuumasato Feb 15, 2024
13c347f
Parse an SRG control file for matching rules
yuumasato Feb 15, 2024
4ddc42f
Grab the STIG version from the Benchmark
yuumasato Feb 15, 2024
a3feb44
Leverage reference assignment from control file
yuumasato Feb 15, 2024
54f780a
Add generated stig control file for OCP4
yuumasato Feb 15, 2024
b80c95e
Add a second product in the STIG OCP4
yuumasato Feb 15, 2024
7306bb3
Switch to the stig_ocp4 control file
yuumasato Feb 15, 2024
f2e958b
Identify and avoid duplicate references
yuumasato Feb 16, 2024
f0c1492
Avoid adding duplicate rules to a control
yuumasato Feb 16, 2024
4b815e5
Manually add rules to keep rule selection stable
yuumasato Feb 20, 2024
ba8018e
Refactor functions too complex for code climate
yuumasato Feb 20, 2024
67422d6
Do not use raise from
yuumasato Feb 20, 2024
a9c5336
Move SRG rules from control to the ocp4 profile
yuumasato Feb 29, 2024
a1e0c04
OCP4 STIG: Add spacing between the controls
yuumasato Mar 6, 2024
6753731
CNTR-OS-000380 status is manual
yuumasato Mar 6, 2024
60d2f6e
CNTR-OS-000390 status is manual
yuumasato Mar 6, 2024
6811679
CNTR-OS-00430 and CNTR-OS-00460 are not applicable
yuumasato Mar 6, 2024
a44de7c
CNTR-OS-000440 status is automated
yuumasato Mar 6, 2024
4d548e8
CNTR-OS-000500 status is manual
yuumasato Mar 6, 2024
4aa70b8
CNTR-OS-000690 is still pending
yuumasato Mar 6, 2024
04f91fc
CNTR-OS-000770 status is manual
yuumasato Mar 6, 2024
34a48d3
CNTR-OS-000820 status is manual
yuumasato Mar 6, 2024
8fcad8b
Be more strict on the captured exception
yuumasato Mar 6, 2024
2df5965
OCP4 and RHCOS4 have their own STIGID URI
yuumasato Mar 7, 2024
1e5c423
Add container-platform SRG URI
yuumasato Mar 4, 2024
126e915
Update product_stability data: ocp4 and rhcos4
yuumasato Mar 7, 2024
4d7e9a2
Update product stability data: remaining products
yuumasato Mar 7, 2024
2 changes: 1 addition & 1 deletion controls/srg_ctr/SRG-APP-000156-CTR-000380.yml
Expand Up @@ -5,7 +5,7 @@ controls:
title: {{{ full_name }}} must use FIPS-validated SHA-1 or higher hash function
to provide replay-resistant authentication mechanisms for network access to privileged
accounts.
related_rules:
rules:
- idp_is_configured
- ocp_idp_no_htpasswd
- kubeadmin_removed
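Review bot: The control's `status` is not touched when the key above `- idp_is_configured` changes between `related_rules:` and `rules:`, although in SRG-APP-000516-CTR-001325.yml the same key change is paired with a status change. Please confirm the status further down this file still matches the key that ends up here. If the three rules become selected through `rules:`, a short note would help auditors see how `idp_is_configured`, `ocp_idp_no_htpasswd` and `kubeadmin_removed` cover the "FIPS-validated SHA-1 or higher hash function" wording in the title, since none of the rule names refers to hashing or replay resistance.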
4 changes: 2 additions & 2 deletions controls/srg_ctr/SRG-APP-000516-CTR-001325.yml
Expand Up @@ -5,7 +5,7 @@ controls:
title: Container platform components must be configured in accordance with the security
configuration settings based on DoD security configuration or implementation guidance,
including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
rules:
related_rules:
- accounts_restrict_service_account_tokens
- accounts_unique_service_account
- api_server_admission_control_plugin_alwaysadmit
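Review bot: Changing the key above `- accounts_restrict_service_account_tokens` affects the whole list that runs down to about line 197 of this file, so any profile that picked these rules up through this control would lose or gain all of them at once. The commit list includes "Manually add rules to keep rule selection stable" and "Move SRG rules from control to the ocp4 profile"; please state in the PR description that the resolved rule selection of the affected profiles was compared before and after, so a silently dropped rule such as `api_server_admission_control_plugin_alwaysadmit` would be caught.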
Expand Down Expand Up @@ -197,4 +197,4 @@ controls:
- file_groupowner_ovn_db_files
- file_owner_ovn_db_files
- file_permissions_ovn_db_files
status: automated
status: not applicable
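Review bot: The `status: not applicable` value at the end of this control has no rationale next to it in the visible lines. This is the catch-all requirement ("configured in accordance with ... SRGs, STIGs, NSA configuration guides, CTOs, and DTMs"), so a reader will expect a reason it does not apply; consider adding a `notes:` entry on the control saying why, and mention that the rules listed above it are kept only as related rules.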