Updated Compliance Operator CIS profile v1.4 fails on file permissions mode 600 and no remediation is available

Solution Verified

Issue

After upgrading the Compliance Operator to version 1.2.0, CIS OpenShift scans fail the following controls:
- 1.1.1
- 1.1.3
- 1.1.5
- 1.1.7
- 1.1.13
- 1.1.15
- 1.1.17

These rules fail because the CIS Red Hat OpenShift 1.4.0 benchmark advises tighter file permissions, and OpenShift Container Platform components are still in the process of updating their default permissions to match the CIS recommendation.

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4
    • 4.12.36 or older
    • 4.13.14 or older
