Updated Compliance Operator CIS profile v1.4 fails on file permissions mode 600 and no remediation is available
Issue
After upgrading the Compliance Operator to version 1.2.0, CIS OpenShift scans fails the following controls:
- 1.1.1
- 1.1.3
- 1.1.5
- 1.1.7
- 1.1.13
- 1.1.15
- 1.1.17
These rules are failing due to tightened permissions advised through the CIS Red Hat OpenShift 1.4.0 benchmark, and OpenShift Container Platform components are in the process of updating default permissions to match the recommended advice from CIS.
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4
- 4.12.36 or older
- 4.13.14 or older
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.