Running OpenSCAP scan report shows not applicable in OpenShift 4
Issue
- When oscap-chroot is run from a chroot on a node, all of the results in the report come back as notapplicable:
oscap-chroot /host/ xccdf eval --verbose DEVEL --verbose-log-file verbose.txt --profile xccdf_org.ssgproject.content_profile_cis --report report.html --oval-results /usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
- All of the tests come back as not applicable.
Rule xccdf_org.ssgproject.content_rule_accounts_restrict_service_account_tokens
Result notapplicable
Title Ensure Usage of Unique Service Accounts
Rule xccdf_org.ssgproject.content_rule_accounts_unique_service_account
Result notapplicable
Title Ensure Network Policies are Configured
Rule xccdf_org.ssgproject.content_rule_configure_network_policies
Result notapplicable
Title Ensure Project Namespaces Use Network Policies
Rule xccdf_org.ssgproject.content_rule_configure_network_policies_namespaces
Result notapplicable
Title Disable Scheduler Profiling
Rule xccdf_org.ssgproject.content_rule_scheduler_profiling_argument
Result notapplicable
Title Do Not Use Environment Variables with Secrets
Rule xccdf_org.ssgproject.content_rule_secrets_no_environment_variables
Result notapplicable
Title Verify Permissions on the Worker Kubeconfig File
Rule xccdf_org.ssgproject.content_rule_file_permissions_worker_kubeconfig
Result notapplicable
Title Verify Group Who Owns The OpenShift Node Service File
Rule xccdf_org.ssgproject.content_rule_file_groupowner_worker_service
Result notapplicable
Environment
- OpenShift Container Platform (OCP) 4.x