OpenShift Security Queries

Solution In Progress - Updated -

Issue

  • Can we avoid the creation of local groups in OpenShift?

/etc/passwd
> dockerroot:x:***:773:Docker User:/var/lib/docker:/sbin/nologin
> etcd:x:772:***:etcd user:/var/lib/etcd:/sbin/nologin
> cockpit-ws:x:***:771:User for cockpit-ws:/:/sbin/nologin

/etc/group
> dockerroot:x:773:
> etcd:x:772:
> cockpit-ws:x:771:
  • Can we remove this setuid-root privilege, and what would be the impact of this modification?
> -rwsr-x---. 1 root cockpit-ws 40376 May 17 17:27 /usr/libexec/cockpit-session
  • Can IP forwarding be disabled?
    /etc/sysctl.conf
    > net.ipv4.ip_forward=1

Environment

  • OpenShift Container Platform
    • 3.5
