Securing OpenShift Enterprise with DISA STIGs
Issue
- We are implementing OpenShift on RHEL 6.x in an environment with strict security requirements (specifically, we are implementing OpenShift in the DOD environment and securing the system according to DOD STIGs) and have questions about items that are typically enabled in RHEL that need to be disabled to meet security requirements.
- Can these kernel parameters (sysctl) be disabled?
  - net.ipv4.conf.default.send_redirects
  - net.ipv4.conf.all.send_redirects
  - net.ipv4.conf.all.accept_redirects
  - net.ipv4.conf.all.secure_redirects
  - net.ipv4.conf.default.secure_redirects
  - net.ipv4.conf.all.rp_filter
- Do we need an rsync server enabled on any of the OpenShift systems?
- Can "PermitRootLogin" in /etc/ssh/sshd_config safely be set to "no" on all OpenShift systems?
Environment
- Red Hat OpenShift Enterprise 1.1