Openshift Security Queries

Solution In Progress - Updated -

Issue

Can we avoid local groups creation in openshift.

/etc/passwd
> dockerroot:x:***:773:Docker User:/var/lib/docker:/sbin/nologin
> etcd:x:772:***:etcd user:/var/lib/etcd:/sbin/nologin
> cockpit-ws:x:***:771:User for cockpit-ws:/:/sbin/nologin

/etc/group
> dockerroot:x:773:
> etcd:x:772:
> cockpit-ws:x:771:
  • Can we remove this setuid privilege as a root and what will be the impact after this modification.)
> -rwsr-x---. 1 root cockpit-ws 40376 May 17 17:27 /usr/libexec/cockpit-session
  • Can IP forwarding be disabled :
    ~~
    /etc/sysctl.conf
    > net.ipv4.ip_forward=1
    ~~~

Environment

  • Openshift Container Platform
    • 3.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content