CUI

Documentation - V-257517

V-257517

Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide

CAT II

Title

OpenShift must generate audit records for all DOD-defined auditable events within all components in the platform.

Description

<VulnDiscussion>The OpenShift Platform supports three audit levels: Default, WriteRequestBodies, and AllRequestBodies. The identities of the users are logged at all three audit levels. The WriteRequestBodies level logs the metadata and the request body for any create, update, or patch request. The AllRequestBodies level logs the metadata and the request body for all read and write requests. As this generates a significant number of logs, this level is only to be used as needed. To capture...

Fix Text (Documentation Requirement)

As the cluster administrator, update the APIServer.config.openshift.io/cluster object to set the profile to the defined level of detail. For example, to configure the profile to WriteRequestBodies, meaning that all write requests to any API server object are logged in their entirety, execute the following (the patch body must be valid JSON, so the keys and value are double-quoted inside the single-quoted shell argument):

oc patch apiserver.config.openshift.io/cluster --type=merge -p '{"spec": {"audit": {"profile": "WriteRequestBodies"}}}'

Where OpenShift Virtualization is enabled: To remove the errorPolicy flag on the first disk (index 0) of a given VM, use this command (a JSON patch array must not carry a trailing comma):

$ oc patch vm <vm-name> --type='json' -p='[{"op": "remove", "path": "/spec/template/spec/domain/devices/disks/0/errorPolicy"}]'
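The following is an added example, not part of the STIG text and not Red Hat or OpenShift project code. It shows what the merge patch in the Fix Text actually does to the APIServer object and how an auditor can evaluate a captured object for this finding offline: it reads an object of the shape returned by `oc get apiserver.config.openshift.io/cluster -o json`, reports the effective profile, renders the exact `oc patch` command with correctly quoted JSON, and applies an RFC 7386 JSON merge patch (the semantics of `--type=merge`) so the before/after state can be compared without a cluster. The sample object is constructed for this example, and the choice of WriteRequestBodies as the organisation's "defined level of detail" is an assumption; the three profile names are the ones the discussion above lists.

```python
"""Offline check and remediation preview for the OpenShift audit profile (V-257517).

Added example: not STIG or Red Hat code. Works on a JSON dump of the
APIServer object; it does not contact a cluster."""
import json
import shlex

# The three profiles named in the STIG discussion above.
KNOWN_PROFILES = {"Default", "WriteRequestBodies", "AllRequestBodies"}

# Assumption for this example: the organisation's defined level of detail.
REQUIRED_PROFILE = "WriteRequestBodies"

# Constructed sample of `oc get apiserver.config.openshift.io/cluster -o json`
# (trimmed to the fields that matter here); a real object carries more.
SAMPLE_APISERVER = json.loads("""
{"apiVersion": "config.openshift.io/v1", "kind": "APIServer",
 "metadata": {"name": "cluster"},
 "spec": {"audit": {"profile": "Default"},
          "tlsSecurityProfile": {"type": "Intermediate"}}}
""")


def current_profile(apiserver: dict) -> str:
    """Return the effective audit profile.

    An absent spec.audit.profile means the platform default applies, so it is
    reported as "Default" rather than as a missing value."""
    return apiserver.get("spec", {}).get("audit", {}).get("profile") or "Default"


def is_compliant(apiserver: dict, required: str = REQUIRED_PROFILE) -> bool:
    """True when the object already carries the organisation's required profile."""
    return current_profile(apiserver) == required


def build_patch(profile: str) -> dict:
    """Merge-patch body for the Fix Text command; rejects unknown profile names."""
    if profile not in KNOWN_PROFILES:
        raise ValueError(f"unknown audit profile {profile!r}")
    return {"spec": {"audit": {"profile": profile}}}


def patch_command(profile: str) -> str:
    """Render the oc invocation from the Fix Text with valid JSON quoting."""
    body = json.dumps(build_patch(profile))
    return ("oc patch apiserver.config.openshift.io/cluster --type=merge -p "
            + shlex.quote(body))


def merge_patch(target, patch):
    """Apply an RFC 7386 JSON merge patch, which is what --type=merge sends.

    Objects are merged key by key, a null in the patch deletes the key, and
    any non-object value replaces the target outright. The input is not
    mutated; a new structure is returned."""
    if not isinstance(patch, dict):
        return patch
    result = dict(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)
        else:
            result[key] = merge_patch(result.get(key), value)
    return result


def remediate(apiserver: dict, profile: str = REQUIRED_PROFILE) -> dict:
    """Return the APIServer object as it would look after the fix is applied."""
    return merge_patch(apiserver, build_patch(profile))


if __name__ == "__main__":
    print("before:", current_profile(SAMPLE_APISERVER),
          "compliant:", is_compliant(SAMPLE_APISERVER))
    print("fix:   ", patch_command(REQUIRED_PROFILE))
    fixed = remediate(SAMPLE_APISERVER)
    print("after: ", current_profile(fixed), "compliant:", is_compliant(fixed))
```

Because the patch is a merge patch, unrelated fields such as `spec.tlsSecurityProfile` survive the change; only `spec.audit.profile` is set. Treating a missing `spec.audit.profile` as "Default" matters for the check: a cluster that was never configured is non-compliant, not "unknown".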
