Securing OpenShift Enterprise with DISA STIGs

Solution Verified - Updated -

Issue

  • We are implementing OpenShift on RHEL 6.x in an environment with strict security requirements (specifically, we are implementing OpenShift in the DoD environment and securing the system according to DoD STIGs) and have questions about items that are typically enabled in RHEL that need to be disabled to meet security requirements.
  1. Can these kernel parameters (sysctl) be disabled?
    • net.ipv4.conf.default.send_redirects
    • net.ipv4.conf.all.send_redirects
    • net.ipv4.conf.all.accept_redirects
    • net.ipv4.conf.all.secure_redirects
    • net.ipv4.conf.default.secure_redirects
    • net.ipv4.conf.all.rp_filter
  2. Do we need an rsync server enabled on any of the OpenShift systems?
  3. Can "PermitRootLogin" in /etc/ssh/sshd_config safely be set to "no" on all OpenShift systems?

Environment

  • Red Hat OpenShift Enterprise 1.1
