Link api_server_encryption_provider_cipher with CIS 2.8 #10494

Merged: 1 commit, Jun 8, 2023

@jhrozek jhrozek commented Apr 26, 2023

Description:

Links an OCP rule with the appropriate CIS control

Rationale:

CIS 1.3 control encrypt etcd is solved with the rule
api_server_encryption_provider_cipher. Because encrypting etcd is quite
an important control, we should have the rule linked.

Review Hints:

  • Check out the CIS 1.3 standard PDF

@codeclimate
codeclimate bot commented Apr 26, 2023

Code Climate has analyzed commit 0b628c8 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.4% (0.0% change).

@Mab879 Mab879 added the OpenShift OpenShift product related. label Apr 26, 2023
@Mab879 Mab879 added this to the 0.1.68 milestone Apr 26, 2023
@Mab879 Mab879 added CIS CIS Benchmark related. Update Rule Issues or pull requests related to Rules updates. labels Apr 26, 2023
@jan-cerny jan-cerny modified the milestones: 0.1.68, 0.1.69 May 29, 2023
@@ -113,6 +113,7 @@ selections:
- api_server_etcd_ca
# 1.2.33 Ensure that the --encryption-provider-config argument is set as appropriate
# 1.2.34 Ensure that encryption providers are appropriately configured
# 2.8 Encrypt etc
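
Review bot: the comment `# 2.8 Encrypt etc` does not follow the form of the two comment lines above it, which give the full control title ("Ensure that ..."), and as written it reads as cut off. A 2.x number placed inside the 1.2.x block also gives no hint of which benchmark version the number comes from. Suggest writing the control title in full and naming the benchmark version in the same comment, so the mapping stays traceable when control numbering changes between versions.
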
Looks good - but for some reason control 2.8 was removed in version 1.4.0 of the benchmark. We'll just have to update this later (or let it disappear if we decide to use the new control file format).

@rhmdnd rhmdnd merged commit c2d263a into ComplianceAsCode:master Jun 8, 2023