diff --git a/applications/openshift/worker/file_groupowner_worker_ca/rule.yml b/applications/openshift/worker/file_groupowner_worker_ca/rule.yml
index 950fb5f62c1..2538e54e434 100644
--- a/applications/openshift/worker/file_groupowner_worker_ca/rule.yml
+++ b/applications/openshift/worker/file_groupowner_worker_ca/rule.yml
@@ -13,8 +13,8 @@ rationale: |-
 severity: medium
-#identifiers:
-# cce@ocp4: 80619-0
+identifiers:
+ cce@ocp4: CCE-83440-8
 references:
 cis: 4.1.8
diff --git a/applications/openshift/worker/file_owner_worker_ca/rule.yml b/applications/openshift/worker/file_owner_worker_ca/rule.yml
index 24aa6a2de79..13b85d433a2 100644
--- a/applications/openshift/worker/file_owner_worker_ca/rule.yml
+++ b/applications/openshift/worker/file_owner_worker_ca/rule.yml
@@ -13,8 +13,8 @@ rationale: |-
 severity: medium
-#identifiers:
-# cce@ocp4: 80619-0
+identifiers:
+ cce@ocp4: CCE-83396-2
 references:
 cis: 4.1.8
diff --git a/ocp4/profiles/cis-node.profile b/ocp4/profiles/cis-node.profile
index 06b3ccaa2df..9ba5900b449 100644
--- a/ocp4/profiles/cis-node.profile
+++ b/ocp4/profiles/cis-node.profile
@@ -65,7 +65,8 @@ selections:
 # 4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive
 # - create a rule based on file_permissions_kubelet_service that checks the perms of /etc/kubernetes/kubelet-ca.crt
 # 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root
- # - create a rule based on file_ownership_kubelet_service that checks the ownership of /etc/kubernetes/kubelet-ca.crt
+ - file_owner_worker_ca
+ - file_groupowner_worker_ca
 # 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive
 # - create a rule based on file_permissions_kubelet_service that checks the perms of /var/lib/kubelet/kubeconfig
 # 4.1.10 Ensure that the kubelet configuration file ownership is set to root:root
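Review bot: The two selections added under 4.1.8 replace the only line in the profile that named the file this control covers (`/etc/kubernetes/kubelet-ca.crt`), and the bodies of `file_owner_worker_ca` and `file_groupowner_worker_ca` are not part of this diff, so the path they actually check cannot be confirmed from here. I would keep a one-line comment above the selections, for example `# checks owner and group of /etc/kubernetes/kubelet-ca.crt`, once that path has been verified against the rules' check definitions. The 4.1.7 entry for the same file is still only a TODO comment, so after this change the CA bundle's owner and group are evaluated but its mode is not; a file owned by root:root with permissive mode bits would still pass this profile. The `selections` list starts and continues outside the hunk.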
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 7ab5eb179ea..43e7c9b6120 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -51,7 +51,6 @@ CCE-83386-3
 CCE-83387-1
 CCE-83392-1
 CCE-83393-9
-CCE-83396-2
 CCE-83397-0
 CCE-83398-8
 CCE-83399-6
@@ -84,7 +83,6 @@ CCE-83436-6
 CCE-83437-4
 CCE-83438-2
 CCE-83439-0
-CCE-83440-8
 CCE-83441-6
 CCE-83442-4
 CCE-83443-2