From 4fe5ea96f0ff5643494e66471c7114f7839e5ad9 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Thu, 4 Apr 2024 03:59:38 -0700 Subject: [PATCH 1/9] OCP4: use new assertion formate for OCP CI Having a organized way to manage e2e assertion files, we will have all e2e assertion files located at tests/assertions//--.ymlfor example tests/ocp4/assertions/ocp4-cis-4.14.yml --- tests/assertions/ocp/ocp4-cis-4.14.yml | 355 ++++ tests/assertions/ocp/ocp4-moderate-4.14.yml | 451 +++++ .../ocp/rhcos4-moderate-4.14 copy.yml | 1447 +++++++++++++++++ 3 files changed, 2253 insertions(+) create mode 100644 tests/assertions/ocp/ocp4-cis-4.14.yml create mode 100644 tests/assertions/ocp/ocp4-moderate-4.14.yml create mode 100644 tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml diff --git a/tests/assertions/ocp/ocp4-cis-4.14.yml b/tests/assertions/ocp/ocp4-cis-4.14.yml new file mode 100644 index 00000000000..ecaeddc1965 --- /dev/null +++ b/tests/assertions/ocp/ocp4-cis-4.14.yml @@ -0,0 +1,355 @@ +rule_results: + e2e-cis-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-maxsize: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-api-server-encryption-provider-config: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-client-key: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-oauth-https-serving-cert: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-api-server-openshift-https-serving-cert: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-audit-profile-set: + default_result: PASS + result_after_remediation: PASS + e2e-cis-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-cis-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-rotate-kubelet-server-certs: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-anonymous-auth: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-authorization-mode: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-client-ca: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-event-creation: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-tls-cert: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-kubelet-configure-tls-cipher-suites: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-tls-key: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-kubelet-configure-tls-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-enable-cert-rotation: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-enable-client-cert-rotation: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-enable-iptables-util-chains: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-enable-server-cert-rotation: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-enable-streaming-connections: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-hard-imagefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-soft-imagefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-soft-imagefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-soft-memory-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-soft-nodefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-api-server-audit-log-maxsize: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scheduler-no-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL \ No newline at end of file diff --git a/tests/assertions/ocp/ocp4-moderate-4.14.yml b/tests/assertions/ocp/ocp4-moderate-4.14.yml new file mode 100644 index 00000000000..6aeb28f242e --- /dev/null +++ b/tests/assertions/ocp/ocp4-moderate-4.14.yml @@ -0,0 +1,451 @@ +rule_results: + e2e-moderate-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-maxsize: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-api-server-encryption-provider-config: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-client-key: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-oauth-https-serving-cert: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-api-server-openshift-https-serving-cert: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-compliancesuite-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-rotate-kubelet-server-certs: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-anonymous-auth: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-authorization-mode: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-client-ca: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-event-creation: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-tls-cert: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-cipher-suites: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-tls-key: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-min-version: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-enable-cert-rotation: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-enable-client-cert-rotation: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-enable-iptables-util-chains: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-enable-server-cert-rotation: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-enable-streaming-connections: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-hard-imagefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-soft-imagefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-soft-imagefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-soft-memory-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-soft-nodefs-available: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-api-server-audit-log-maxsize: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scheduler-no-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL \ No newline at end of file diff --git a/tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml b/tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml new file mode 100644 index 00000000000..e6238d0b53c --- /dev/null +++ b/tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml @@ -0,0 +1,1447 @@ +rule_results: + e2e-moderate-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-vsyscall-kernel-argument: + default_result: INFO + result_after_remediation: INFO + e2e-moderate-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-iptables-installed: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-confinement-of-daemons: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-autofs-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-limit-user-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-sshd-set-idle-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-hardlinks: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-symlinks: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kptr-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-vsyscall-kernel-argument: + default_result: INFO + result_after_remediation: INFO + e2e-moderate-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-iptables-installed: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-confinement-of-daemons: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-autofs-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-limit-user-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-sshd-set-idle-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-hardlinks: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-symlinks: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kptr-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE \ No newline at end of file From b4dfb76d1d30971bff5886363d998f27f04dad87 Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Fri, 5 Apr 2024 11:11:15 -0500 Subject: [PATCH 2/9] Cleanup newlines and rhcos assertion file name Newlines are causing CI to fail, even for test related changes. This also clarifies the RHCOS assertion file name. --- tests/assertions/ocp/ocp4-cis-4.14.yml | 2 +- tests/assertions/ocp/ocp4-moderate-4.14.yml | 2 +- .../{rhcos4-moderate-4.14 copy.yml => rhcos4-moderate-4.14.yml} | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename tests/assertions/ocp/{rhcos4-moderate-4.14 copy.yml => rhcos4-moderate-4.14.yml} (99%) diff --git a/tests/assertions/ocp/ocp4-cis-4.14.yml b/tests/assertions/ocp/ocp4-cis-4.14.yml index ecaeddc1965..83ab9ce77f2 100644 --- a/tests/assertions/ocp/ocp4-cis-4.14.yml +++ b/tests/assertions/ocp/ocp4-cis-4.14.yml @@ -352,4 +352,4 @@ rule_results: result_after_remediation: MANUAL e2e-cis-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL \ No newline at end of file + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-moderate-4.14.yml b/tests/assertions/ocp/ocp4-moderate-4.14.yml index 6aeb28f242e..975e885c098 100644 --- a/tests/assertions/ocp/ocp4-moderate-4.14.yml +++ b/tests/assertions/ocp/ocp4-moderate-4.14.yml @@ -448,4 +448,4 @@ rule_results: result_after_remediation: MANUAL e2e-moderate-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL \ No newline at end of file + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml b/tests/assertions/ocp/rhcos4-moderate-4.14.yml similarity index 99% rename from tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml rename to tests/assertions/ocp/rhcos4-moderate-4.14.yml index e6238d0b53c..8639f5ac743 100644 --- a/tests/assertions/ocp/rhcos4-moderate-4.14 copy.yml +++ b/tests/assertions/ocp/rhcos4-moderate-4.14.yml @@ -1444,4 +1444,4 @@ rule_results: result_after_remediation: MANUAL e2e-moderate-worker-wireless-disable-interfaces: default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE \ No newline at end of file + result_after_remediation: NOT-APPLICABLE From d23985ec30c59bafd5ada4deebfef71b15f133d3 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Wed, 17 Apr 2024 23:33:59 -0700 Subject: [PATCH 3/9] Add more 4.13 assertion files Adding ocp4-cis, ocp4-cis-node, ocp4-e8, ocp4-high, ocp4-high-node, ocp4-moderate, ocp4-moderate-node, ocp4-pci-dss, ocp4-pci-dss-node, ocp4-stig assertion files for OCP 4.13 --- tests/assertions/ocp/ocp4-cis-4.13.yml | 295 +++++++ tests/assertions/ocp/ocp4-cis-node-4.13.yml | 401 ++++++++++ tests/assertions/ocp/ocp4-e8-4.13.yml | 37 + tests/assertions/ocp/ocp4-high-4.13.yml | 406 ++++++++++ tests/assertions/ocp/ocp4-high-node-4.13.yml | 721 ++++++++++++++++++ tests/assertions/ocp/ocp4-moderate-4.13.yml | 397 ++++++++++ .../ocp/ocp4-moderate-node-4.13.yml | 721 ++++++++++++++++++ tests/assertions/ocp/ocp4-pci-dss-4.13.yml | 337 ++++++++ .../assertions/ocp/ocp4-pci-dss-node-4.13.yml | 453 +++++++++++ tests/assertions/ocp/ocp4-stig-4.13.yml | 370 +++++++++ 10 files changed, 4138 insertions(+) create mode 100644 tests/assertions/ocp/ocp4-cis-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-cis-node-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-e8-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-high-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-high-node-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-moderate-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-moderate-node-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-pci-dss-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-pci-dss-node-4.13.yml create mode 100644 tests/assertions/ocp/ocp4-stig-4.13.yml diff --git a/tests/assertions/ocp/ocp4-cis-4.13.yml b/tests/assertions/ocp/ocp4-cis-4.13.yml new file mode 100644 index 00000000000..871e82cf83f --- /dev/null +++ b/tests/assertions/ocp/ocp4-cis-4.13.yml @@ -0,0 +1,295 @@ +rule_results: + e2e-cis-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-cis-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-cis-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-cis-node-4.13.yml b/tests/assertions/ocp/ocp4-cis-node-4.13.yml new file mode 100644 index 00000000000..00a14f3a53f --- /dev/null +++ b/tests/assertions/ocp/ocp4-cis-node-4.13.yml @@ -0,0 +1,401 @@ +rule_results: + e2e-cis-node-master-etcd-unique-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-master-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-service: + default_result: PASS + e2e-cis-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-cis-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kubelet: + default_result: PASS + e2e-cis-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS diff --git a/tests/assertions/ocp/ocp4-e8-4.13.yml b/tests/assertions/ocp/ocp4-e8-4.13.yml new file mode 100644 index 00000000000..e82d5122341 --- /dev/null +++ b/tests/assertions/ocp/ocp4-e8-4.13.yml @@ -0,0 +1,37 @@ +rule_results: + e2e-e8-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-e8-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-e8-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-e8-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-high-4.13.yml b/tests/assertions/ocp/ocp4-high-4.13.yml new file mode 100644 index 00000000000..0686ed1a4d0 --- /dev/null +++ b/tests/assertions/ocp/ocp4-high-4.13.yml @@ -0,0 +1,406 @@ +rule_results: + e2e-high-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-alert-receiver-configured: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-high-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-high-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-high-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-gitops-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-high-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-high-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-high-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-high-node-4.13.yml b/tests/assertions/ocp/ocp4-high-node-4.13.yml new file mode 100644 index 00000000000..7582f9f3038 --- /dev/null +++ b/tests/assertions/ocp/ocp4-high-node-4.13.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-high-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp/ocp4-moderate-4.13.yml b/tests/assertions/ocp/ocp4-moderate-4.13.yml new file mode 100644 index 00000000000..80bc7221e3d --- /dev/null +++ b/tests/assertions/ocp/ocp4-moderate-4.13.yml @@ -0,0 +1,397 @@ +rule_results: + e2e-moderate-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-moderate-node-4.13.yml b/tests/assertions/ocp/ocp4-moderate-node-4.13.yml new file mode 100644 index 00000000000..9ba23c0c906 --- /dev/null +++ b/tests/assertions/ocp/ocp4-moderate-node-4.13.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-moderate-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp/ocp4-pci-dss-4.13.yml b/tests/assertions/ocp/ocp4-pci-dss-4.13.yml new file mode 100644 index 00000000000..b8e07a97b1c --- /dev/null +++ b/tests/assertions/ocp/ocp4-pci-dss-4.13.yml @@ -0,0 +1,337 @@ +rule_results: + e2e-pci-dss-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-check-cipher-suite: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-machine-volume-encrypted: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-cluster-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-storageclass-encryption-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-router: + default_result: PASS + result_after_remediation: PASS diff --git a/tests/assertions/ocp/ocp4-pci-dss-node-4.13.yml b/tests/assertions/ocp/ocp4-pci-dss-node-4.13.yml new file mode 100644 index 00000000000..8d442ed3fe2 --- /dev/null +++ b/tests/assertions/ocp/ocp4-pci-dss-node-4.13.yml @@ -0,0 +1,453 @@ +rule_results: + e2e-pci-dss-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-etcd-unique-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-tls-version-check-masters-workers: + default_result: PASS + e2e-pci-dss-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-tls-version-check-masters-workers: + default_result: PASS diff --git a/tests/assertions/ocp/ocp4-stig-4.13.yml b/tests/assertions/ocp/ocp4-stig-4.13.yml new file mode 100644 index 00000000000..592213c4052 --- /dev/null +++ b/tests/assertions/ocp/ocp4-stig-4.13.yml @@ -0,0 +1,370 @@ +rule_results: + e2e-stig-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-classification-banner: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-container-security-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-stig-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-image-pruner-active: + default_result: PASS + result_after_remediation: PASS + e2e-stig-imagestream-sets-schedule: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-oauth-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-logout-url-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-provider-selection-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-network-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-resource-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-stig-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-del: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-mod: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-view: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-resource-requests-quota-per-project: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettings-have-schedule: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-limit-host-dir-volume-plugin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-host-ports: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL From eb52c49a68f8e9d99e1fee7421bc6c6426754058 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Fri, 19 Apr 2024 05:01:08 -0700 Subject: [PATCH 4/9] Add 4.14 assertion files Adding ocp4-cis, ocp4-cis-node, ocp4-e8, ocp4-high, ocp4-high-node, ocp4-moderate, ocp4-moderate-node, ocp4-pci-dss, ocp4-pci-dss-node, ocp4-stig assertion files for OCP 4.14 --- .../{ocp => ocp4}/ocp4-cis-4.13.yml | 0 .../{ocp => ocp4}/ocp4-cis-4.14.yml | 140 +--- .../{ocp => ocp4}/ocp4-cis-node-4.13.yml | 0 tests/assertions/ocp4/ocp4-cis-node-4.14.yml | 401 ++++++++++ .../assertions/{ocp => ocp4}/ocp4-e8-4.13.yml | 0 tests/assertions/ocp4/ocp4-e8-4.14.yml | 37 + .../{ocp => ocp4}/ocp4-high-4.13.yml | 0 tests/assertions/ocp4/ocp4-high-4.14.yml | 406 ++++++++++ .../{ocp => ocp4}/ocp4-high-node-4.13.yml | 0 tests/assertions/ocp4/ocp4-high-node-4.14.yml | 721 ++++++++++++++++++ .../{ocp => ocp4}/ocp4-moderate-4.13.yml | 0 .../{ocp => ocp4}/ocp4-moderate-4.14.yml | 128 +--- .../{ocp => ocp4}/ocp4-moderate-node-4.13.yml | 0 .../ocp4/ocp4-moderate-node-4.14.yml | 721 ++++++++++++++++++ .../{ocp => ocp4}/ocp4-pci-dss-4.13.yml | 0 tests/assertions/ocp4/ocp4-pci-dss-4.14.yml | 337 ++++++++ .../{ocp => ocp4}/ocp4-pci-dss-node-4.13.yml | 0 .../ocp4/ocp4-pci-dss-node-4.14.yml | 453 +++++++++++ .../{ocp => ocp4}/ocp4-stig-4.13.yml | 0 tests/assertions/ocp4/ocp4-stig-4.14.yml | 370 +++++++++ .../{ocp => ocp4}/rhcos4-moderate-4.14.yml | 0 21 files changed, 3523 insertions(+), 191 deletions(-) rename tests/assertions/{ocp => ocp4}/ocp4-cis-4.13.yml (100%) rename tests/assertions/{ocp => ocp4}/ocp4-cis-4.14.yml (73%) rename tests/assertions/{ocp => ocp4}/ocp4-cis-node-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-cis-node-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-e8-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-e8-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-high-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-high-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-high-node-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-high-node-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-moderate-4.13.yml (100%) rename tests/assertions/{ocp => ocp4}/ocp4-moderate-4.14.yml (80%) rename tests/assertions/{ocp => ocp4}/ocp4-moderate-node-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-moderate-node-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-pci-dss-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-pci-dss-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-pci-dss-node-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml rename tests/assertions/{ocp => ocp4}/ocp4-stig-4.13.yml (100%) create mode 100644 tests/assertions/ocp4/ocp4-stig-4.14.yml rename tests/assertions/{ocp => ocp4}/rhcos4-moderate-4.14.yml (100%) diff --git a/tests/assertions/ocp/ocp4-cis-4.13.yml b/tests/assertions/ocp4/ocp4-cis-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-cis-4.13.yml rename to tests/assertions/ocp4/ocp4-cis-4.13.yml diff --git a/tests/assertions/ocp/ocp4-cis-4.14.yml b/tests/assertions/ocp4/ocp4-cis-4.14.yml similarity index 73% rename from tests/assertions/ocp/ocp4-cis-4.14.yml rename to tests/assertions/ocp4/ocp4-cis-4.14.yml index 83ab9ce77f2..871e82cf83f 100644 --- a/tests/assertions/ocp/ocp4-cis-4.14.yml +++ b/tests/assertions/ocp4/ocp4-cis-4.14.yml @@ -20,18 +20,12 @@ rule_results: e2e-cis-api-server-admission-control-plugin-scc: default_result: PASS result_after_remediation: PASS - e2e-cis-api-server-admission-control-plugin-securitycontextdeny: - default_result: PASS - result_after_remediation: PASS e2e-cis-api-server-admission-control-plugin-service-account: default_result: PASS result_after_remediation: PASS e2e-cis-api-server-anonymous-auth: default_result: PASS result_after_remediation: PASS - e2e-cis-api-server-api-priority-flowschema-catch-all: - default_result: PASS - result_after_remediation: PASS e2e-cis-api-server-api-priority-gate-enabled: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -39,15 +33,12 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-cis-api-server-audit-log-maxsize: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-api-server-audit-log-path: default_result: PASS result_after_remediation: PASS - e2e-cis-api-server-auth-mode-no-aa: + e2e-cis-api-server-audit-log-path: default_result: PASS result_after_remediation: PASS - e2e-cis-api-server-auth-mode-node: + e2e-cis-api-server-auth-mode-no-aa: default_result: PASS result_after_remediation: PASS e2e-cis-api-server-auth-mode-rbac: @@ -65,9 +56,6 @@ rule_results: e2e-cis-api-server-encryption-provider-cipher: default_result: FAIL result_after_remediation: PASS - e2e-cis-api-server-encryption-provider-config: - default_result: FAIL - result_after_remediation: PASS e2e-cis-api-server-etcd-ca: default_result: PASS result_after_remediation: PASS @@ -90,26 +78,23 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-cis-api-server-kubelet-client-cert: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS + result_after_remediation: PASS e2e-cis-api-server-kubelet-client-cert-pre-4-9: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-cis-api-server-kubelet-client-key: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS + result_after_remediation: PASS e2e-cis-api-server-kubelet-client-key-pre-4-9: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE - e2e-cis-api-server-no-adm-ctrl-plugins-disabled: + e2e-cis-api-server-oauth-https-serving-cert: default_result: PASS result_after_remediation: PASS - e2e-cis-api-server-oauth-https-serving-cert: - default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-api-server-openshift-https-serving-cert: - default_result: MANUAL - result_after_remediation: MANUAL + default_result: PASS + result_after_remediation: PASS e2e-cis-api-server-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -137,21 +122,27 @@ rule_results: e2e-cis-audit-log-forwarding-enabled: default_result: FAIL result_after_remediation: PASS - e2e-cis-audit-profile-set: + e2e-cis-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-audit-logging-enabled: default_result: PASS result_after_remediation: PASS + e2e-cis-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS e2e-cis-configure-network-policies: default_result: PASS result_after_remediation: PASS + e2e-cis-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE e2e-cis-configure-network-policies-namespaces: default_result: FAIL result_after_remediation: PASS e2e-cis-controller-insecure-port-disabled: default_result: PASS result_after_remediation: PASS - e2e-cis-controller-rotate-kubelet-server-certs: - default_result: FAIL - result_after_remediation: FAIL e2e-cis-controller-secure-port: default_result: PASS result_after_remediation: PASS @@ -200,9 +191,6 @@ rule_results: e2e-cis-general-apply-scc: default_result: MANUAL result_after_remediation: MANUAL - e2e-cis-general-configure-imagepolicywebhook: - default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-namespace-use: default_result: MANUAL result_after_remediation: MANUAL @@ -218,93 +206,42 @@ rule_results: e2e-cis-kubeadmin-removed: default_result: FAIL result_after_remediation: FAIL - e2e-cis-kubelet-anonymous-auth: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-authorization-mode: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-configure-client-ca: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-configure-event-creation: - default_result: FAIL - result_after_remediation: FAIL e2e-cis-kubelet-configure-tls-cert: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-cis-kubelet-configure-tls-cert-pre-4-9: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-cis-kubelet-configure-tls-cipher-suites: - default_result: FAIL - result_after_remediation: FAIL + default_result: PASS + result_after_remediation: PASS e2e-cis-kubelet-configure-tls-key: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-cis-kubelet-configure-tls-key-pre-4-9: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS + result_after_remediation: PASS e2e-cis-kubelet-disable-readonly-port: default_result: PASS result_after_remediation: PASS - e2e-cis-kubelet-enable-cert-rotation: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-enable-client-cert-rotation: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-enable-iptables-util-chains: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-enable-server-cert-rotation: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-enable-streaming-connections: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-hard-imagefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-hard-imagefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-hard-memory-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-hard-nodefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-soft-imagefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-soft-imagefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-soft-memory-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-soft-nodefs-available: + e2e-cis-ocp-allowed-registries: default_result: FAIL result_after_remediation: FAIL - e2e-cis-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree: + e2e-cis-ocp-allowed-registries-for-import: default_result: FAIL result_after_remediation: FAIL e2e-cis-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS e2e-cis-ocp-api-server-audit-log-maxsize: - default_result: FAIL - result_after_remediation: FAIL + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS e2e-cis-openshift-api-server-audit-log-path: default_result: PASS result_after_remediation: PASS e2e-cis-rbac-debug-role-protects-pprof: default_result: PASS result_after_remediation: PASS + e2e-cis-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL e2e-cis-rbac-limit-cluster-admin: default_result: MANUAL result_after_remediation: MANUAL @@ -344,7 +281,10 @@ rule_results: e2e-cis-scc-limit-root-containers: default_result: MANUAL result_after_remediation: MANUAL - e2e-cis-scheduler-no-bind-address: + e2e-cis-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scheduler-service-protected-by-rbac: default_result: PASS result_after_remediation: PASS e2e-cis-secrets-consider-external-storage: diff --git a/tests/assertions/ocp/ocp4-cis-node-4.13.yml b/tests/assertions/ocp4/ocp4-cis-node-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-cis-node-4.13.yml rename to tests/assertions/ocp4/ocp4-cis-node-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.14.yml b/tests/assertions/ocp4/ocp4-cis-node-4.14.yml new file mode 100644 index 00000000000..00a14f3a53f --- /dev/null +++ b/tests/assertions/ocp4/ocp4-cis-node-4.14.yml @@ -0,0 +1,401 @@ +rule_results: + e2e-cis-node-master-etcd-unique-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-master-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-service: + default_result: PASS + e2e-cis-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-cis-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kubelet: + default_result: PASS + e2e-cis-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS diff --git a/tests/assertions/ocp/ocp4-e8-4.13.yml b/tests/assertions/ocp4/ocp4-e8-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-e8-4.13.yml rename to tests/assertions/ocp4/ocp4-e8-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-e8-4.14.yml b/tests/assertions/ocp4/ocp4-e8-4.14.yml new file mode 100644 index 00000000000..e82d5122341 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-e8-4.14.yml @@ -0,0 +1,37 @@ +rule_results: + e2e-e8-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-e8-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-e8-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-e8-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-high-4.13.yml b/tests/assertions/ocp4/ocp4-high-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-high-4.13.yml rename to tests/assertions/ocp4/ocp4-high-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-high-4.14.yml b/tests/assertions/ocp4/ocp4-high-4.14.yml new file mode 100644 index 00000000000..0686ed1a4d0 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-high-4.14.yml @@ -0,0 +1,406 @@ +rule_results: + e2e-high-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-alert-receiver-configured: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-high-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-high-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-high-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-gitops-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-high-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-high-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-high-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/ocp4-high-node-4.13.yml b/tests/assertions/ocp4/ocp4-high-node-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-high-node-4.13.yml rename to tests/assertions/ocp4/ocp4-high-node-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-high-node-4.14.yml b/tests/assertions/ocp4/ocp4-high-node-4.14.yml new file mode 100644 index 00000000000..7582f9f3038 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-high-node-4.14.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-high-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp/ocp4-moderate-4.13.yml b/tests/assertions/ocp4/ocp4-moderate-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-moderate-4.13.yml rename to tests/assertions/ocp4/ocp4-moderate-4.13.yml diff --git a/tests/assertions/ocp/ocp4-moderate-4.14.yml b/tests/assertions/ocp4/ocp4-moderate-4.14.yml similarity index 80% rename from tests/assertions/ocp/ocp4-moderate-4.14.yml rename to tests/assertions/ocp4/ocp4-moderate-4.14.yml index 975e885c098..80bc7221e3d 100644 --- a/tests/assertions/ocp/ocp4-moderate-4.14.yml +++ b/tests/assertions/ocp4/ocp4-moderate-4.14.yml @@ -39,8 +39,8 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-api-server-audit-log-maxsize: - default_result: FAIL - result_after_remediation: FAIL + default_result: PASS + result_after_remediation: PASS e2e-moderate-api-server-audit-log-path: default_result: PASS result_after_remediation: PASS @@ -65,9 +65,6 @@ rule_results: e2e-moderate-api-server-encryption-provider-cipher: default_result: FAIL result_after_remediation: PASS - e2e-moderate-api-server-encryption-provider-config: - default_result: FAIL - result_after_remediation: PASS e2e-moderate-api-server-etcd-ca: default_result: PASS result_after_remediation: PASS @@ -90,14 +87,14 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-api-server-kubelet-client-cert: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS + result_after_remediation: PASS e2e-moderate-api-server-kubelet-client-cert-pre-4-9: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-api-server-kubelet-client-key: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS + result_after_remediation: PASS e2e-moderate-api-server-kubelet-client-key-pre-4-9: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -105,11 +102,11 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-api-server-oauth-https-serving-cert: - default_result: MANUAL - result_after_remediation: MANUAL + default_result: PASS + result_after_remediation: PASS e2e-moderate-api-server-openshift-https-serving-cert: - default_result: MANUAL - result_after_remediation: MANUAL + default_result: PASS + result_after_remediation: PASS e2e-moderate-api-server-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -146,6 +143,12 @@ rule_results: e2e-moderate-audit-log-forwarding-uses-tls: default_result: FAIL result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS e2e-moderate-audit-profile-set: default_result: FAIL result_after_remediation: PASS @@ -164,12 +167,12 @@ rule_results: e2e-moderate-compliance-notification-enabled: default_result: PASS result_after_remediation: PASS - e2e-moderate-compliancesuite-exists: - default_result: PASS - result_after_remediation: PASS e2e-moderate-configure-network-policies: default_result: PASS result_after_remediation: PASS + e2e-moderate-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE e2e-moderate-configure-network-policies-namespaces: default_result: FAIL result_after_remediation: PASS @@ -177,8 +180,8 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-controller-rotate-kubelet-server-certs: - default_result: FAIL - result_after_remediation: FAIL + default_result: PASS + result_after_remediation: PASS e2e-moderate-controller-secure-port: default_result: PASS result_after_remediation: PASS @@ -263,84 +266,18 @@ rule_results: e2e-moderate-kubeadmin-removed: default_result: FAIL result_after_remediation: FAIL - e2e-moderate-kubelet-anonymous-auth: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-authorization-mode: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-configure-client-ca: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-configure-event-creation: - default_result: FAIL - result_after_remediation: FAIL e2e-moderate-kubelet-configure-tls-cert: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS + result_after_remediation: PASS e2e-moderate-kubelet-configure-tls-cert-pre-4-9: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE - e2e-moderate-kubelet-configure-tls-cipher-suites: - default_result: FAIL - result_after_remediation: FAIL e2e-moderate-kubelet-configure-tls-key: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-moderate-kubelet-configure-tls-key-pre-4-9: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-moderate-kubelet-configure-tls-min-version: - default_result: FAIL - result_after_remediation: FAIL + default_result: PASS + result_after_remediation: PASS e2e-moderate-kubelet-disable-readonly-port: default_result: PASS result_after_remediation: PASS - e2e-moderate-kubelet-enable-cert-rotation: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-enable-client-cert-rotation: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-enable-iptables-util-chains: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-enable-server-cert-rotation: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-enable-streaming-connections: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-hard-imagefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-hard-imagefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-hard-memory-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-hard-nodefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-soft-imagefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-soft-imagefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-soft-memory-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-soft-nodefs-available: - default_result: FAIL - result_after_remediation: FAIL - e2e-moderate-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree: - default_result: FAIL - result_after_remediation: FAIL e2e-moderate-oauth-or-oauthclient-inactivity-timeout: default_result: FAIL result_after_remediation: PASS @@ -357,8 +294,8 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-ocp-api-server-audit-log-maxsize: - default_result: FAIL - result_after_remediation: FAIL + default_result: PASS + result_after_remediation: PASS e2e-moderate-ocp-idp-no-htpasswd: default_result: PASS result_after_remediation: PASS @@ -380,6 +317,9 @@ rule_results: e2e-moderate-rbac-debug-role-protects-pprof: default_result: PASS result_after_remediation: PASS + e2e-moderate-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL e2e-moderate-rbac-limit-cluster-admin: default_result: MANUAL result_after_remediation: MANUAL @@ -413,6 +353,9 @@ rule_results: e2e-moderate-routes-rate-limit: default_result: PASS result_after_remediation: PASS + e2e-moderate-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS e2e-moderate-scc-drop-container-capabilities: default_result: MANUAL result_after_remediation: MANUAL @@ -440,7 +383,10 @@ rule_results: e2e-moderate-scc-limit-root-containers: default_result: MANUAL result_after_remediation: MANUAL - e2e-moderate-scheduler-no-bind-address: + e2e-moderate-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scheduler-service-protected-by-rbac: default_result: PASS result_after_remediation: PASS e2e-moderate-secrets-consider-external-storage: diff --git a/tests/assertions/ocp/ocp4-moderate-node-4.13.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-moderate-node-4.13.yml rename to tests/assertions/ocp4/ocp4-moderate-node-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml new file mode 100644 index 00000000000..9ba23c0c906 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-moderate-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp/ocp4-pci-dss-4.13.yml b/tests/assertions/ocp4/ocp4-pci-dss-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-pci-dss-4.13.yml rename to tests/assertions/ocp4/ocp4-pci-dss-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4.14.yml b/tests/assertions/ocp4/ocp4-pci-dss-4.14.yml new file mode 100644 index 00000000000..b8e07a97b1c --- /dev/null +++ b/tests/assertions/ocp4/ocp4-pci-dss-4.14.yml @@ -0,0 +1,337 @@ +rule_results: + e2e-pci-dss-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-check-cipher-suite: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-machine-volume-encrypted: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-cluster-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-storageclass-encryption-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-router: + default_result: PASS + result_after_remediation: PASS diff --git a/tests/assertions/ocp/ocp4-pci-dss-node-4.13.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-pci-dss-node-4.13.yml rename to tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml new file mode 100644 index 00000000000..8d442ed3fe2 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml @@ -0,0 +1,453 @@ +rule_results: + e2e-pci-dss-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-etcd-unique-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-tls-version-check-masters-workers: + default_result: PASS + e2e-pci-dss-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-tls-version-check-masters-workers: + default_result: PASS diff --git a/tests/assertions/ocp/ocp4-stig-4.13.yml b/tests/assertions/ocp4/ocp4-stig-4.13.yml similarity index 100% rename from tests/assertions/ocp/ocp4-stig-4.13.yml rename to tests/assertions/ocp4/ocp4-stig-4.13.yml diff --git a/tests/assertions/ocp4/ocp4-stig-4.14.yml b/tests/assertions/ocp4/ocp4-stig-4.14.yml new file mode 100644 index 00000000000..592213c4052 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-4.14.yml @@ -0,0 +1,370 @@ +rule_results: + e2e-stig-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-classification-banner: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-container-security-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-stig-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-image-pruner-active: + default_result: PASS + result_after_remediation: PASS + e2e-stig-imagestream-sets-schedule: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-oauth-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-logout-url-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-provider-selection-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-network-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-resource-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-stig-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-del: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-mod: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-view: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-resource-requests-quota-per-project: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettings-have-schedule: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-limit-host-dir-volume-plugin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-host-ports: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp/rhcos4-moderate-4.14.yml b/tests/assertions/ocp4/rhcos4-moderate-4.14.yml similarity index 100% rename from tests/assertions/ocp/rhcos4-moderate-4.14.yml rename to tests/assertions/ocp4/rhcos4-moderate-4.14.yml From cb1a22f32f95d044d3b07ce1034b6b7ffe357ec9 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Tue, 23 Apr 2024 03:20:55 -0700 Subject: [PATCH 5/9] Add ocp4 assertion files for ocp4.15, ocp4.15 and ocp4.16 Added assertion files for profiles: ocp4-cis ocp4-cis-node ocp4-e8 ocp4-high ocp4-high-node ocp4-moderate ocp4-moderate-node ocp4-pci-dss ocp4-pci-dss-node ocp4-stig ocp4-stig-node rhcos4-e8 rhcos4-high rhcos4-moderate rhcos4-stig --- tests/assertions/ocp4/ocp4-cis-4.15.yml | 295 ++++ tests/assertions/ocp4/ocp4-cis-4.16.yml | 295 ++++ tests/assertions/ocp4/ocp4-cis-node-4.15.yml | 401 +++++ tests/assertions/ocp4/ocp4-cis-node-4.16.yml | 401 +++++ tests/assertions/ocp4/ocp4-e8-4.15.yml | 37 + tests/assertions/ocp4/ocp4-e8-4.16.yml | 37 + tests/assertions/ocp4/ocp4-high-4.15.yml | 406 +++++ tests/assertions/ocp4/ocp4-high-4.16.yml | 406 +++++ tests/assertions/ocp4/ocp4-high-node-4.15.yml | 721 ++++++++ tests/assertions/ocp4/ocp4-high-node-4.16.yml | 721 ++++++++ tests/assertions/ocp4/ocp4-moderate-4.15.yml | 397 +++++ tests/assertions/ocp4/ocp4-moderate-4.16.yml | 397 +++++ .../ocp4/ocp4-moderate-node-4.15.yml | 721 ++++++++ .../ocp4/ocp4-moderate-node-4.16.yml | 721 ++++++++ tests/assertions/ocp4/ocp4-pci-dss-4.15.yml | 337 ++++ tests/assertions/ocp4/ocp4-pci-dss-4.16.yml | 337 ++++ .../ocp4/ocp4-pci-dss-node-4.15.yml | 453 ++++++ .../ocp4/ocp4-pci-dss-node-4.16.yml | 453 ++++++ tests/assertions/ocp4/ocp4-stig-4.15.yml | 370 +++++ tests/assertions/ocp4/ocp4-stig-4.16.yml | 370 +++++ tests/assertions/ocp4/ocp4-stig-node-4.13.yml | 637 ++++++++ tests/assertions/ocp4/ocp4-stig-node-4.14.yml | 637 ++++++++ tests/assertions/ocp4/ocp4-stig-node-4.15.yml | 637 ++++++++ tests/assertions/ocp4/ocp4-stig-node-4.16.yml | 637 ++++++++ tests/assertions/ocp4/rhcos4-e8-4.14.yml | 301 ++++ tests/assertions/ocp4/rhcos4-e8-4.15.yml | 301 ++++ tests/assertions/ocp4/rhcos4-e8-4.16.yml | 0 tests/assertions/ocp4/rhcos4-high-4.14.yml | 1447 +++++++++++++++++ tests/assertions/ocp4/rhcos4-high-4.15.yml | 1447 +++++++++++++++++ tests/assertions/ocp4/rhcos4-high-4.16.yml | 1447 +++++++++++++++++ .../assertions/ocp4/rhcos4-moderate-4.14.yml | 94 +- .../assertions/ocp4/rhcos4-moderate-4.15.yml | 1441 ++++++++++++++++ .../assertions/ocp4/rhcos4-moderate-4.16.yml | 1441 ++++++++++++++++ tests/assertions/ocp4/rhcos4-stig-4.14.yml | 715 ++++++++ tests/assertions/ocp4/rhcos4-stig-4.15.yml | 715 ++++++++ tests/assertions/ocp4/rhcos4-stig-4.16.yml | 715 ++++++++ 36 files changed, 20838 insertions(+), 50 deletions(-) create mode 100644 tests/assertions/ocp4/ocp4-cis-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-cis-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-cis-node-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-cis-node-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-e8-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-e8-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-high-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-high-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-high-node-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-high-node-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-moderate-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-moderate-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-moderate-node-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-moderate-node-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-pci-dss-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-pci-dss-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-stig-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-stig-4.16.yml create mode 100644 tests/assertions/ocp4/ocp4-stig-node-4.13.yml create mode 100644 tests/assertions/ocp4/ocp4-stig-node-4.14.yml create mode 100644 tests/assertions/ocp4/ocp4-stig-node-4.15.yml create mode 100644 tests/assertions/ocp4/ocp4-stig-node-4.16.yml create mode 100644 tests/assertions/ocp4/rhcos4-e8-4.14.yml create mode 100644 tests/assertions/ocp4/rhcos4-e8-4.15.yml create mode 100644 tests/assertions/ocp4/rhcos4-e8-4.16.yml create mode 100644 tests/assertions/ocp4/rhcos4-high-4.14.yml create mode 100644 tests/assertions/ocp4/rhcos4-high-4.15.yml create mode 100644 tests/assertions/ocp4/rhcos4-high-4.16.yml create mode 100644 tests/assertions/ocp4/rhcos4-moderate-4.15.yml create mode 100644 tests/assertions/ocp4/rhcos4-moderate-4.16.yml create mode 100644 tests/assertions/ocp4/rhcos4-stig-4.14.yml create mode 100644 tests/assertions/ocp4/rhcos4-stig-4.15.yml create mode 100644 tests/assertions/ocp4/rhcos4-stig-4.16.yml diff --git a/tests/assertions/ocp4/ocp4-cis-4.15.yml b/tests/assertions/ocp4/ocp4-cis-4.15.yml new file mode 100644 index 00000000000..871e82cf83f --- /dev/null +++ b/tests/assertions/ocp4/ocp4-cis-4.15.yml @@ -0,0 +1,295 @@ +rule_results: + e2e-cis-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-cis-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-cis-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-cis-4.16.yml b/tests/assertions/ocp4/ocp4-cis-4.16.yml new file mode 100644 index 00000000000..871e82cf83f --- /dev/null +++ b/tests/assertions/ocp4/ocp4-cis-4.16.yml @@ -0,0 +1,295 @@ +rule_results: + e2e-cis-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-cis-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-cis-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-cis-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-cis-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-cis-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-cis-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-cis-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-cis-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-cis-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-cis-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-cis-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-cis-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.15.yml b/tests/assertions/ocp4/ocp4-cis-node-4.15.yml new file mode 100644 index 00000000000..00a14f3a53f --- /dev/null +++ b/tests/assertions/ocp4/ocp4-cis-node-4.15.yml @@ -0,0 +1,401 @@ +rule_results: + e2e-cis-node-master-etcd-unique-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-master-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-service: + default_result: PASS + e2e-cis-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-cis-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kubelet: + default_result: PASS + e2e-cis-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.16.yml b/tests/assertions/ocp4/ocp4-cis-node-4.16.yml new file mode 100644 index 00000000000..00a14f3a53f --- /dev/null +++ b/tests/assertions/ocp4/ocp4-cis-node-4.16.yml @@ -0,0 +1,401 @@ +rule_results: + e2e-cis-node-master-etcd-unique-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-master-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-member: + default_result: PASS + e2e-cis-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet: + default_result: PASS + e2e-cis-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-owner-worker-service: + default_result: PASS + e2e-cis-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-cis-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-cis-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-cis-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-cis-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-cis-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-cis-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler: + default_result: PASS + e2e-cis-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-master-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-cis-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-kubelet: + default_result: PASS + e2e-cis-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-owner-worker-service: + default_result: PASS + e2e-cis-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-cis-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-cis-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-cis-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-cis-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-cis-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-cis-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-cis-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-cis-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS diff --git a/tests/assertions/ocp4/ocp4-e8-4.15.yml b/tests/assertions/ocp4/ocp4-e8-4.15.yml new file mode 100644 index 00000000000..e82d5122341 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-e8-4.15.yml @@ -0,0 +1,37 @@ +rule_results: + e2e-e8-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-e8-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-e8-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-e8-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-e8-4.16.yml b/tests/assertions/ocp4/ocp4-e8-4.16.yml new file mode 100644 index 00000000000..e82d5122341 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-e8-4.16.yml @@ -0,0 +1,37 @@ +rule_results: + e2e-e8-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-e8-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-e8-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-e8-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-e8-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-e8-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-high-4.15.yml b/tests/assertions/ocp4/ocp4-high-4.15.yml new file mode 100644 index 00000000000..0686ed1a4d0 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-high-4.15.yml @@ -0,0 +1,406 @@ +rule_results: + e2e-high-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-alert-receiver-configured: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-high-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-high-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-high-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-gitops-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-high-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-high-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-high-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-high-4.16.yml b/tests/assertions/ocp4/ocp4-high-4.16.yml new file mode 100644 index 00000000000..0686ed1a4d0 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-high-4.16.yml @@ -0,0 +1,406 @@ +rule_results: + e2e-high-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-alert-receiver-configured: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-high-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-high-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-high-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-high-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-high-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-high-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-high-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-high-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-gitops-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-high-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-high-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-high-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-high-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-high-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-high-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-high-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-high-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-high-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-high-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-high-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-high-node-4.15.yml b/tests/assertions/ocp4/ocp4-high-node-4.15.yml new file mode 100644 index 00000000000..7582f9f3038 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-high-node-4.15.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-high-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.16.yml b/tests/assertions/ocp4/ocp4-high-node-4.16.yml new file mode 100644 index 00000000000..7582f9f3038 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-high-node-4.16.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-high-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-high-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-high-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-4.15.yml new file mode 100644 index 00000000000..80bc7221e3d --- /dev/null +++ b/tests/assertions/ocp4/ocp4-moderate-4.15.yml @@ -0,0 +1,397 @@ +rule_results: + e2e-moderate-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-moderate-4.16.yml b/tests/assertions/ocp4/ocp4-moderate-4.16.yml new file mode 100644 index 00000000000..80bc7221e3d --- /dev/null +++ b/tests/assertions/ocp4/ocp4-moderate-4.16.yml @@ -0,0 +1,397 @@ +rule_results: + e2e-moderate-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-banner-or-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-cluster-wide-proxy-set: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-compliance-notification-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-default-ingress-ca-replaced: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-certificate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-resource-requests-limits-in-daemonset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-deployment: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-limits-in-statefulset: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-resource-requests-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-route-ip-whitelist: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml new file mode 100644 index 00000000000..9ba23c0c906 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-moderate-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml new file mode 100644 index 00000000000..9ba23c0c906 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml @@ -0,0 +1,721 @@ +rule_results: + e2e-moderate-node-master-directory-access-var-log-kube-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-oauth-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-access-var-log-ocp-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-node-worker-directory-access-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-access-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-4.15.yml new file mode 100644 index 00000000000..b8e07a97b1c --- /dev/null +++ b/tests/assertions/ocp4/ocp4-pci-dss-4.15.yml @@ -0,0 +1,337 @@ +rule_results: + e2e-pci-dss-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-check-cipher-suite: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-machine-volume-encrypted: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-cluster-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-storageclass-encryption-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-router: + default_result: PASS + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-pci-dss-4.16.yml b/tests/assertions/ocp4/ocp4-pci-dss-4.16.yml new file mode 100644 index 00000000000..b8e07a97b1c --- /dev/null +++ b/tests/assertions/ocp4/ocp4-pci-dss-4.16.yml @@ -0,0 +1,337 @@ +rule_results: + e2e-pci-dss-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-tls-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-audit-log-forwarding-webhook: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-audit-logging-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-configure-network-policies-hypershift-hosted: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-check-cipher-suite: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-etcd-peer-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-integrity-notification-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-pci-dss-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-kubelet-configure-tls-cert: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-configure-tls-key: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-kubelet-configure-tls-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-pci-dss-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-machine-volume-encrypted: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-pci-dss-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-cluster-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-rbac-roles-defined: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-routes-protected-by-tls: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-scheduler-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-scheduler-service-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-pci-dss-storageclass-encryption-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-pci-dss-tls-version-check-router: + default_result: PASS + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml new file mode 100644 index 00000000000..8d442ed3fe2 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml @@ -0,0 +1,453 @@ +rule_results: + e2e-pci-dss-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-etcd-unique-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-tls-version-check-masters-workers: + default_result: PASS + e2e-pci-dss-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-tls-version-check-masters-workers: + default_result: PASS diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml new file mode 100644 index 00000000000..8d442ed3fe2 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml @@ -0,0 +1,453 @@ +rule_results: + e2e-pci-dss-node-master-directory-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-directory-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-etcd-unique-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kube-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-master-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-ownership-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-dir: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-data-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-member: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-kube-apiserver: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kube-controller-manager: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-kube-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-oauth-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-var-log-ocp-audit: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-master-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-master-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-master-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-master-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-master-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-master-tls-version-check-masters-workers: + default_result: PASS + e2e-pci-dss-node-worker-directory-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-directory-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-groupowner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-groupowner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-cni-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-kubelet: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-owner-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-owner-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-ownership-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-ownership-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-cni-conf: + default_result: FAIL + e2e-pci-dss-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-kubelet-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-multus-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-kube-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-oauth-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-var-log-ocp-audit: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-file-permissions-worker-ca: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + e2e-pci-dss-node-worker-file-permissions-worker-service: + default_result: PASS + e2e-pci-dss-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + e2e-pci-dss-node-worker-kubelet-anonymous-auth: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-authorization-mode: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-client-ca: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-event-creation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + e2e-pci-dss-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + e2e-pci-dss-node-worker-partition-for-var-log-kube-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-oauth-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-partition-for-var-log-openshift-apiserver: + default_result: MANUAL + e2e-pci-dss-node-worker-tls-version-check-masters-workers: + default_result: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-4.15.yml b/tests/assertions/ocp4/ocp4-stig-4.15.yml new file mode 100644 index 00000000000..592213c4052 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-4.15.yml @@ -0,0 +1,370 @@ +rule_results: + e2e-stig-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-classification-banner: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-container-security-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-stig-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-image-pruner-active: + default_result: PASS + result_after_remediation: PASS + e2e-stig-imagestream-sets-schedule: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-oauth-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-logout-url-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-provider-selection-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-network-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-resource-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-stig-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-del: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-mod: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-view: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-resource-requests-quota-per-project: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettings-have-schedule: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-limit-host-dir-volume-plugin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-host-ports: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-stig-4.16.yml b/tests/assertions/ocp4/ocp4-stig-4.16.yml new file mode 100644 index 00000000000..592213c4052 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-4.16.yml @@ -0,0 +1,370 @@ +rule_results: + e2e-stig-accounts-restrict-service-account-tokens: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-accounts-unique-service-account: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-api-server-admission-control-plugin-alwaysadmit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-alwayspullimages: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-namespacelifecycle: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-noderestriction: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-scc: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-securitycontextdeny: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-admission-control-plugin-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-flowschema-catch-all: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-api-priority-gate-enabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-no-aa: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-node: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-auth-mode-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-basic-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-encryption-provider-cipher: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-api-server-etcd-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-etcd-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-https-for-kubelet-conn: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-bind-address: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-insecure-port: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-certificate-authority: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-cert-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-kubelet-client-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-kubelet-client-key-pre-4-9: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-api-server-no-adm-ctrl-plugins-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-oauth-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-openshift-https-serving-cert: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-profiling-protected-by-rbac: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-request-timeout: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-lookup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-service-account-public-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-api-server-token-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-error-alert-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-log-forwarding-uses-tls: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-audit-profile-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-classification-banner: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-logging-operator-exist: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-cluster-version-operator-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-cluster-version-operator-verify-integrity: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies: + default_result: PASS + result_after_remediation: PASS + e2e-stig-configure-network-policies-namespaces: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-container-security-operator-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-controller-insecure-port-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-rotate-kubelet-server-certs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-secure-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-service-account-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-stig-controller-use-service-account: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-cert-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-key-file: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-auto-tls: + default_result: PASS + result_after_remediation: PASS + e2e-stig-etcd-peer-client-cert-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-file-groupowner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-integrity-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-file-owner-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-file-permissions-proxy-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-fips-mode-enabled-on-all-nodes: + default_result: PASS + result_after_remediation: PASS + e2e-stig-general-apply-scc: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-configure-imagepolicywebhook: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-namespace-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-default-seccomp-profile: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-general-namespaces-in-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-idp-is-configured: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-image-pruner-active: + default_result: PASS + result_after_remediation: PASS + e2e-stig-imagestream-sets-schedule: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ingress-controller-tls-security-profile: + default_result: PASS + result_after_remediation: PASS + e2e-stig-kubeadmin-removed: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-kubelet-disable-readonly-port: + default_result: PASS + result_after_remediation: PASS + e2e-stig-oauth-login-template-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-logout-url-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-or-oauthclient-token-maxage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauth-provider-selection-set: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-oauthclient-inactivity-timeout: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-allowed-registries-for-import: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-ocp-api-server-audit-log-maxbackup: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-api-server-audit-log-maxsize: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-idp-no-htpasswd: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-allowed-registries-for-import: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-insecure-registries: + default_result: PASS + result_after_remediation: PASS + e2e-stig-ocp-no-ldap-insecure: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-api-server-audit-log-path: + default_result: PASS + result_after_remediation: PASS + e2e-stig-openshift-motd-exists: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-network-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-project-config-and-template-resource-quota: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-rbac-debug-role-protects-pprof: + default_result: PASS + result_after_remediation: PASS + e2e-stig-rbac-least-privilege: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-cluster-admin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-limit-secrets-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-del: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-mod: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-logging-view: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-pod-creation-access: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-rbac-wildcard-use: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-resource-requests-quota-per-project: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-routes-rate-limit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettingbinding-exists: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scansettings-have-schedule: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-drop-container-capabilities: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-container-allowed-capabilities: + default_result: PASS + result_after_remediation: PASS + e2e-stig-scc-limit-host-dir-volume-plugin: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-host-ports: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-ipc-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-net-raw-capability: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-network-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privilege-escalation: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-privileged-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-process-id-namespace: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-scc-limit-root-containers: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-consider-external-storage: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-secrets-no-environment-variables: + default_result: MANUAL + result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.13.yml b/tests/assertions/ocp4/ocp4-stig-node-4.13.yml new file mode 100644 index 00000000000..74af6368be7 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-node-4.13.yml @@ -0,0 +1,637 @@ +rule_results: + e2e-stig-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml new file mode 100644 index 00000000000..74af6368be7 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml @@ -0,0 +1,637 @@ +rule_results: + e2e-stig-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml new file mode 100644 index 00000000000..74af6368be7 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml @@ -0,0 +1,637 @@ +rule_results: + e2e-stig-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.16.yml b/tests/assertions/ocp4/ocp4-stig-node-4.16.yml new file mode 100644 index 00000000000..74af6368be7 --- /dev/null +++ b/tests/assertions/ocp4/ocp4-stig-node-4.16.yml @@ -0,0 +1,637 @@ +rule_results: + e2e-stig-node-master-etcd-unique-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kube-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-dir: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-data-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-member: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-etcd-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-kube-apiserver: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kube-controller-manager: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-master-admin-kubeconfigs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-cert-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-openshift-pki-key-files: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-scheduler-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-master-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-master-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-node-worker-etcd-unique-ca: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-groupowner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-groupowner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-cni-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-groupowner-permissions-pod-logs: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kube-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-owner-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-owner-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-cni-conf: + default_result: FAIL + result_after_remediation: FAIL + e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-dir: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-data-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-member: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-etcd-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ip-allocations: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-apiserver: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kube-controller-manager: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-kubelet: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-kubelet-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-master-admin-kubeconfigs: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-multus-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-openshift-pki-cert-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-openshift-pki-key-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovn-db-files: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-ovs-conf-db: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-conf-db-lock: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-sys-id-conf: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovs-vswitchd-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-ovsdb-server-pid: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-scheduler: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-scheduler-kubeconfig: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-file-permissions-worker-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-kubeconfig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-permissions-worker-service: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-file-perms-openshift-sdn-cniserver-config: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-stig-node-worker-kubelet-anonymous-auth: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-authorization-mode: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-client-ca: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-event-creation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-cipher-suites: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-configure-tls-min-version: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-client-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-iptables-util-chains: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-defaults: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-protect-kernel-sysctl: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-server-cert-rotation: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-enable-streaming-connections: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-memory-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree: + default_result: PASS + result_after_remediation: PASS + e2e-stig-node-worker-reject-unsigned-images-by-default: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-e8-4.14.yml b/tests/assertions/ocp4/rhcos4-e8-4.14.yml new file mode 100644 index 00000000000..9061af8422f --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-e8-4.14.yml @@ -0,0 +1,301 @@ +rule_results: + e2e-e8-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-configure-crypto-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-sshd-disable-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-gssapi-auth: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-user-known-hosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-do-not-permit-user-env: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-enable-strictmodes: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-print-last-log: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-set-loglevel-info: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-configure-crypto-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-gssapi-auth: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-user-known-hosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-do-not-permit-user-env: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-enable-strictmodes: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-print-last-log: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-set-loglevel-info: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-e8-4.15.yml b/tests/assertions/ocp4/rhcos4-e8-4.15.yml new file mode 100644 index 00000000000..9061af8422f --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-e8-4.15.yml @@ -0,0 +1,301 @@ +rule_results: + e2e-e8-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-configure-crypto-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-sshd-disable-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-gssapi-auth: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-user-known-hosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-do-not-permit-user-env: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-enable-strictmodes: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-print-last-log: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-set-loglevel-info: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-configure-crypto-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-gssapi-auth: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-user-known-hosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-do-not-permit-user-env: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-enable-strictmodes: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-print-last-log: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-set-loglevel-info: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-e8-4.16.yml b/tests/assertions/ocp4/rhcos4-e8-4.16.yml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/assertions/ocp4/rhcos4-high-4.14.yml b/tests/assertions/ocp4/rhcos4-high-4.14.yml new file mode 100644 index 00000000000..3a367d2aea2 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-high-4.14.yml @@ -0,0 +1,1447 @@ + rule_results: + e2e-high-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-high-4.15.yml b/tests/assertions/ocp4/rhcos4-high-4.15.yml new file mode 100644 index 00000000000..29041be8faa --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-high-4.15.yml @@ -0,0 +1,1447 @@ +rule_results: + e2e-high-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-high-4.16.yml b/tests/assertions/ocp4/rhcos4-high-4.16.yml new file mode 100644 index 00000000000..4fd47643360 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-high-4.16.yml @@ -0,0 +1,1447 @@ +rule_results: + e2e-high-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-package-iptables-nft-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-package-iptables-nft-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.14.yml b/tests/assertions/ocp4/rhcos4-moderate-4.14.yml index 8639f5ac743..22132593238 100644 --- a/tests/assertions/ocp4/rhcos4-moderate-4.14.yml +++ b/tests/assertions/ocp4/rhcos4-moderate-4.14.yml @@ -382,7 +382,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-banner-etc-issue: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-bios-disable-usb-boot: default_result: MANUAL result_after_remediation: MANUAL @@ -444,8 +444,8 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-master-coreos-vsyscall-kernel-argument: - default_result: INFO - result_after_remediation: INFO + default_result: FAIL + result_after_remediation: PASS e2e-moderate-master-directory-access-var-log-audit: default_result: FAIL result_after_remediation: PASS @@ -466,7 +466,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-ensure-logrotate-activated: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-file-groupowner-sshd-config: default_result: PASS result_after_remediation: PASS @@ -561,8 +561,11 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-master-package-iptables-installed: - default_result: FAIL - result_after_remediation: FAIL + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS e2e-moderate-master-package-sudo-installed: default_result: PASS result_after_remediation: PASS @@ -578,9 +581,6 @@ rule_results: e2e-moderate-master-require-singleuser-auth: default_result: PASS result_after_remediation: PASS - e2e-moderate-master-selinux-confinement-of-daemons: - default_result: PASS - result_after_remediation: PASS e2e-moderate-master-selinux-policytype: default_result: PASS result_after_remediation: PASS @@ -591,8 +591,8 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-master-service-autofs-disabled: - default_result: PASS - result_after_remediation: PASS + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE e2e-moderate-master-service-bluetooth-disabled: default_result: PASS result_after_remediation: PASS @@ -604,7 +604,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: PASS + result_after_remediation: FAIL e2e-moderate-master-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -612,19 +612,16 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-master-sshd-limit-user-access: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-moderate-master-sshd-set-idle-timeout: default_result: FAIL - result_after_remediation: PASS + result_after_remediation: FAIL e2e-moderate-master-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS e2e-moderate-master-sysctl-fs-protected-hardlinks: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-master-sysctl-fs-protected-symlinks: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-master-sysctl-kernel-core-pattern: default_result: FAIL @@ -636,7 +633,7 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-master-sysctl-kernel-kptr-restrict: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-master-sysctl-kernel-perf-event-paranoid: default_result: FAIL @@ -649,7 +646,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-sysctl-net-core-bpf-jit-harden: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-redirects: default_result: FAIL result_after_remediation: PASS @@ -672,7 +669,7 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-source-route: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv4-conf-default-log-martians: default_result: FAIL @@ -697,19 +694,19 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-ra: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-redirects: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-source-route: default_result: FAIL result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-ra: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-redirects: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-source-route: default_result: FAIL result_after_remediation: PASS @@ -1105,7 +1102,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-banner-etc-issue: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-bios-disable-usb-boot: default_result: MANUAL result_after_remediation: MANUAL @@ -1167,8 +1164,8 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-worker-coreos-vsyscall-kernel-argument: - default_result: INFO - result_after_remediation: INFO + default_result: FAIL + result_after_remediation: PASS e2e-moderate-worker-directory-access-var-log-audit: default_result: FAIL result_after_remediation: PASS @@ -1189,7 +1186,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-ensure-logrotate-activated: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-file-groupowner-sshd-config: default_result: PASS result_after_remediation: PASS @@ -1284,8 +1281,11 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-worker-package-iptables-installed: - default_result: FAIL - result_after_remediation: FAIL + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS e2e-moderate-worker-package-sudo-installed: default_result: PASS result_after_remediation: PASS @@ -1301,9 +1301,6 @@ rule_results: e2e-moderate-worker-require-singleuser-auth: default_result: PASS result_after_remediation: PASS - e2e-moderate-worker-selinux-confinement-of-daemons: - default_result: PASS - result_after_remediation: PASS e2e-moderate-worker-selinux-policytype: default_result: PASS result_after_remediation: PASS @@ -1314,8 +1311,8 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-worker-service-autofs-disabled: - default_result: PASS - result_after_remediation: PASS + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE e2e-moderate-worker-service-bluetooth-disabled: default_result: PASS result_after_remediation: PASS @@ -1327,7 +1324,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: PASS + result_after_remediation: FAIL e2e-moderate-worker-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -1335,19 +1332,16 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-worker-sshd-limit-user-access: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-moderate-worker-sshd-set-idle-timeout: default_result: FAIL - result_after_remediation: PASS + result_after_remediation: FAIL e2e-moderate-worker-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS e2e-moderate-worker-sysctl-fs-protected-hardlinks: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-worker-sysctl-fs-protected-symlinks: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-worker-sysctl-kernel-core-pattern: default_result: FAIL @@ -1359,7 +1353,7 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-worker-sysctl-kernel-kptr-restrict: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-worker-sysctl-kernel-perf-event-paranoid: default_result: FAIL @@ -1372,7 +1366,7 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-sysctl-net-core-bpf-jit-harden: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-redirects: default_result: FAIL result_after_remediation: PASS @@ -1395,7 +1389,7 @@ rule_results: default_result: FAIL result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-source-route: - default_result: FAIL + default_result: PASS result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv4-conf-default-log-martians: default_result: FAIL @@ -1420,19 +1414,19 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-ra: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-redirects: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-source-route: default_result: FAIL result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-ra: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-redirects: default_result: FAIL - result_after_remediation: FAIL + result_after_remediation: PASS e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-source-route: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.15.yml b/tests/assertions/ocp4/rhcos4-moderate-4.15.yml new file mode 100644 index 00000000000..22132593238 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-moderate-4.15.yml @@ -0,0 +1,1441 @@ +rule_results: + e2e-moderate-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.16.yml b/tests/assertions/ocp4/rhcos4-moderate-4.16.yml new file mode 100644 index 00000000000..e743a037b7d --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-moderate-4.16.yml @@ -0,0 +1,1441 @@ +rule_results: + e2e-moderate-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-package-iptables-nft-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-package-iptables-nft-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-moderate-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-moderate-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-stig-4.14.yml b/tests/assertions/ocp4/rhcos4-stig-4.14.yml new file mode 100644 index 00000000000..14e27cda3e4 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-stig-4.14.yml @@ -0,0 +1,715 @@ +rule_results: + e2e-stig-master-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-stig-4.15.yml b/tests/assertions/ocp4/rhcos4-stig-4.15.yml new file mode 100644 index 00000000000..14e27cda3e4 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-stig-4.15.yml @@ -0,0 +1,715 @@ +rule_results: + e2e-stig-master-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-stig-4.16.yml b/tests/assertions/ocp4/rhcos4-stig-4.16.yml new file mode 100644 index 00000000000..14e27cda3e4 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-stig-4.16.yml @@ -0,0 +1,715 @@ +rule_results: + e2e-stig-master-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-stig-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS From 40c8ce3cdbd7b92db831c7ef512fc3e2d04ffe01 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Tue, 23 Apr 2024 03:49:09 -0700 Subject: [PATCH 6/9] OCP remove redudent result_after_remediation Let's remove result_after_remediation for rules does not have remediation, also remove it for MANUAL result --- tests/assertions/ocp4/ocp4-cis-4.13.yml | 24 ----------------- tests/assertions/ocp4/ocp4-cis-4.14.yml | 24 ----------------- tests/assertions/ocp4/ocp4-cis-4.16.yml | 24 ----------------- tests/assertions/ocp4/ocp4-e8-4.13.yml | 8 ------ tests/assertions/ocp4/ocp4-e8-4.14.yml | 8 ------ tests/assertions/ocp4/ocp4-e8-4.16.yml | 8 ------ tests/assertions/ocp4/ocp4-high-4.13.yml | 27 ------------------- tests/assertions/ocp4/ocp4-high-4.14.yml | 27 ------------------- tests/assertions/ocp4/ocp4-high-node-4.13.yml | 8 ------ tests/assertions/ocp4/ocp4-high-node-4.14.yml | 8 ------ tests/assertions/ocp4/ocp4-high-node-4.15.yml | 8 ------ tests/assertions/ocp4/ocp4-high-node-4.16.yml | 8 ------ tests/assertions/ocp4/ocp4-moderate-4.15.yml | 26 ------------------ .../ocp4/ocp4-moderate-node-4.13.yml | 8 ------ .../ocp4/ocp4-moderate-node-4.14.yml | 8 ------ .../ocp4/ocp4-moderate-node-4.15.yml | 8 ------ .../ocp4/ocp4-moderate-node-4.16.yml | 8 ------ tests/assertions/ocp4/ocp4-stig-node-4.13.yml | 2 -- tests/assertions/ocp4/ocp4-stig-node-4.14.yml | 2 -- tests/assertions/ocp4/ocp4-stig-node-4.15.yml | 2 -- tests/assertions/ocp4/ocp4-stig-node-4.16.yml | 2 -- tests/assertions/ocp4/rhcos4-high-4.15.yml | 12 --------- tests/assertions/ocp4/rhcos4-high-4.16.yml | 12 --------- .../assertions/ocp4/rhcos4-moderate-4.14.yml | 12 --------- .../assertions/ocp4/rhcos4-moderate-4.15.yml | 12 --------- .../assertions/ocp4/rhcos4-moderate-4.16.yml | 12 --------- tests/assertions/ocp4/rhcos4-stig-4.14.yml | 2 -- tests/assertions/ocp4/rhcos4-stig-4.15.yml | 2 -- tests/assertions/ocp4/rhcos4-stig-4.16.yml | 2 -- 29 files changed, 314 deletions(-) diff --git a/tests/assertions/ocp4/ocp4-cis-4.13.yml b/tests/assertions/ocp4/ocp4-cis-4.13.yml index 871e82cf83f..d034b6cb0cf 100644 --- a/tests/assertions/ocp4/ocp4-cis-4.13.yml +++ b/tests/assertions/ocp4/ocp4-cis-4.13.yml @@ -1,10 +1,8 @@ rule_results: e2e-cis-accounts-restrict-service-account-tokens: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-accounts-unique-service-account: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-api-server-admission-control-plugin-alwaysadmit: default_result: PASS result_after_remediation: PASS @@ -190,22 +188,17 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-cis-general-apply-scc: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-namespace-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-seccomp-profile: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-namespaces-in-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-idp-is-configured: default_result: FAIL result_after_remediation: PASS e2e-cis-kubeadmin-removed: default_result: FAIL - result_after_remediation: FAIL e2e-cis-kubelet-configure-tls-cert: default_result: PASS result_after_remediation: PASS @@ -217,10 +210,8 @@ rule_results: result_after_remediation: PASS e2e-cis-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-cis-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-cis-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS @@ -241,46 +232,33 @@ rule_results: result_after_remediation: PASS e2e-cis-rbac-least-privilege: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-limit-secrets-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-drop-container-capabilities: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-cis-scc-limit-ipc-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-net-raw-capability: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-network-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-process-id-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scheduler-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -289,7 +267,5 @@ rule_results: result_after_remediation: PASS e2e-cis-secrets-consider-external-storage: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-cis-4.14.yml b/tests/assertions/ocp4/ocp4-cis-4.14.yml index 871e82cf83f..d034b6cb0cf 100644 --- a/tests/assertions/ocp4/ocp4-cis-4.14.yml +++ b/tests/assertions/ocp4/ocp4-cis-4.14.yml @@ -1,10 +1,8 @@ rule_results: e2e-cis-accounts-restrict-service-account-tokens: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-accounts-unique-service-account: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-api-server-admission-control-plugin-alwaysadmit: default_result: PASS result_after_remediation: PASS @@ -190,22 +188,17 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-cis-general-apply-scc: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-namespace-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-seccomp-profile: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-namespaces-in-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-idp-is-configured: default_result: FAIL result_after_remediation: PASS e2e-cis-kubeadmin-removed: default_result: FAIL - result_after_remediation: FAIL e2e-cis-kubelet-configure-tls-cert: default_result: PASS result_after_remediation: PASS @@ -217,10 +210,8 @@ rule_results: result_after_remediation: PASS e2e-cis-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-cis-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-cis-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS @@ -241,46 +232,33 @@ rule_results: result_after_remediation: PASS e2e-cis-rbac-least-privilege: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-limit-secrets-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-drop-container-capabilities: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-cis-scc-limit-ipc-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-net-raw-capability: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-network-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-process-id-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scheduler-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -289,7 +267,5 @@ rule_results: result_after_remediation: PASS e2e-cis-secrets-consider-external-storage: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-cis-4.16.yml b/tests/assertions/ocp4/ocp4-cis-4.16.yml index 871e82cf83f..d034b6cb0cf 100644 --- a/tests/assertions/ocp4/ocp4-cis-4.16.yml +++ b/tests/assertions/ocp4/ocp4-cis-4.16.yml @@ -1,10 +1,8 @@ rule_results: e2e-cis-accounts-restrict-service-account-tokens: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-accounts-unique-service-account: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-api-server-admission-control-plugin-alwaysadmit: default_result: PASS result_after_remediation: PASS @@ -190,22 +188,17 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-cis-general-apply-scc: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-namespace-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-default-seccomp-profile: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-general-namespaces-in-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-idp-is-configured: default_result: FAIL result_after_remediation: PASS e2e-cis-kubeadmin-removed: default_result: FAIL - result_after_remediation: FAIL e2e-cis-kubelet-configure-tls-cert: default_result: PASS result_after_remediation: PASS @@ -217,10 +210,8 @@ rule_results: result_after_remediation: PASS e2e-cis-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-cis-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-cis-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS @@ -241,46 +232,33 @@ rule_results: result_after_remediation: PASS e2e-cis-rbac-least-privilege: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-limit-secrets-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-drop-container-capabilities: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-cis-scc-limit-ipc-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-net-raw-capability: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-network-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-process-id-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-scheduler-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -289,7 +267,5 @@ rule_results: result_after_remediation: PASS e2e-cis-secrets-consider-external-storage: default_result: MANUAL - result_after_remediation: MANUAL e2e-cis-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-e8-4.13.yml b/tests/assertions/ocp4/ocp4-e8-4.13.yml index e82d5122341..3640e37f7ac 100644 --- a/tests/assertions/ocp4/ocp4-e8-4.13.yml +++ b/tests/assertions/ocp4/ocp4-e8-4.13.yml @@ -7,31 +7,23 @@ rule_results: result_after_remediation: PASS e2e-e8-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-e8-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-e8-ocp-idp-no-htpasswd: default_result: PASS result_after_remediation: PASS e2e-e8-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-e8-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-e8-4.14.yml b/tests/assertions/ocp4/ocp4-e8-4.14.yml index e82d5122341..3640e37f7ac 100644 --- a/tests/assertions/ocp4/ocp4-e8-4.14.yml +++ b/tests/assertions/ocp4/ocp4-e8-4.14.yml @@ -7,31 +7,23 @@ rule_results: result_after_remediation: PASS e2e-e8-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-e8-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-e8-ocp-idp-no-htpasswd: default_result: PASS result_after_remediation: PASS e2e-e8-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-e8-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-e8-4.16.yml b/tests/assertions/ocp4/ocp4-e8-4.16.yml index e82d5122341..3640e37f7ac 100644 --- a/tests/assertions/ocp4/ocp4-e8-4.16.yml +++ b/tests/assertions/ocp4/ocp4-e8-4.16.yml @@ -7,31 +7,23 @@ rule_results: result_after_remediation: PASS e2e-e8-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-e8-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-e8-ocp-idp-no-htpasswd: default_result: PASS result_after_remediation: PASS e2e-e8-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-e8-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-e8-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-high-4.13.yml b/tests/assertions/ocp4/ocp4-high-4.13.yml index 0686ed1a4d0..6a52accf4ac 100644 --- a/tests/assertions/ocp4/ocp4-high-4.13.yml +++ b/tests/assertions/ocp4/ocp4-high-4.13.yml @@ -1,13 +1,10 @@ rule_results: e2e-high-accounts-restrict-service-account-tokens: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-accounts-unique-service-account: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-alert-receiver-configured: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-api-server-admission-control-plugin-alwaysadmit: default_result: PASS result_after_remediation: PASS @@ -169,7 +166,6 @@ rule_results: result_after_remediation: PASS e2e-high-cluster-wide-proxy-set: default_result: FAIL - result_after_remediation: FAIL e2e-high-compliance-notification-enabled: default_result: PASS result_after_remediation: PASS @@ -247,19 +243,14 @@ rule_results: result_after_remediation: PASS e2e-high-general-apply-scc: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-configure-imagepolicywebhook: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-default-namespace-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-default-seccomp-profile: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-namespaces-in-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-gitops-operator-exists: default_result: FAIL result_after_remediation: PASS @@ -274,7 +265,6 @@ rule_results: result_after_remediation: PASS e2e-high-kubeadmin-removed: default_result: FAIL - result_after_remediation: FAIL e2e-high-kubelet-configure-tls-cert: default_result: PASS result_after_remediation: PASS @@ -295,10 +285,8 @@ rule_results: result_after_remediation: PASS e2e-high-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-high-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-high-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS @@ -328,19 +316,14 @@ rule_results: result_after_remediation: PASS e2e-high-rbac-least-privilege: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-limit-secrets-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-resource-requests-limits-in-daemonset: default_result: PASS result_after_remediation: PASS @@ -367,31 +350,23 @@ rule_results: result_after_remediation: PASS e2e-high-scc-drop-container-capabilities: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-high-scc-limit-ipc-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-net-raw-capability: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-network-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-process-id-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scheduler-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -400,7 +375,5 @@ rule_results: result_after_remediation: PASS e2e-high-secrets-consider-external-storage: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-high-4.14.yml b/tests/assertions/ocp4/ocp4-high-4.14.yml index 0686ed1a4d0..6a52accf4ac 100644 --- a/tests/assertions/ocp4/ocp4-high-4.14.yml +++ b/tests/assertions/ocp4/ocp4-high-4.14.yml @@ -1,13 +1,10 @@ rule_results: e2e-high-accounts-restrict-service-account-tokens: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-accounts-unique-service-account: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-alert-receiver-configured: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-api-server-admission-control-plugin-alwaysadmit: default_result: PASS result_after_remediation: PASS @@ -169,7 +166,6 @@ rule_results: result_after_remediation: PASS e2e-high-cluster-wide-proxy-set: default_result: FAIL - result_after_remediation: FAIL e2e-high-compliance-notification-enabled: default_result: PASS result_after_remediation: PASS @@ -247,19 +243,14 @@ rule_results: result_after_remediation: PASS e2e-high-general-apply-scc: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-configure-imagepolicywebhook: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-default-namespace-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-default-seccomp-profile: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-general-namespaces-in-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-gitops-operator-exists: default_result: FAIL result_after_remediation: PASS @@ -274,7 +265,6 @@ rule_results: result_after_remediation: PASS e2e-high-kubeadmin-removed: default_result: FAIL - result_after_remediation: FAIL e2e-high-kubelet-configure-tls-cert: default_result: PASS result_after_remediation: PASS @@ -295,10 +285,8 @@ rule_results: result_after_remediation: PASS e2e-high-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-high-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-high-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS @@ -328,19 +316,14 @@ rule_results: result_after_remediation: PASS e2e-high-rbac-least-privilege: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-limit-secrets-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-resource-requests-limits-in-daemonset: default_result: PASS result_after_remediation: PASS @@ -367,31 +350,23 @@ rule_results: result_after_remediation: PASS e2e-high-scc-drop-container-capabilities: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-high-scc-limit-ipc-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-net-raw-capability: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-network-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-process-id-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-scheduler-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -400,7 +375,5 @@ rule_results: result_after_remediation: PASS e2e-high-secrets-consider-external-storage: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-high-node-4.13.yml b/tests/assertions/ocp4/ocp4-high-node-4.13.yml index 7582f9f3038..5d7ea62133f 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.13.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.14.yml b/tests/assertions/ocp4/ocp4-high-node-4.14.yml index 7582f9f3038..5d7ea62133f 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.14.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.15.yml b/tests/assertions/ocp4/ocp4-high-node-4.15.yml index 7582f9f3038..5d7ea62133f 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.15.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.16.yml b/tests/assertions/ocp4/ocp4-high-node-4.16.yml index 7582f9f3038..5d7ea62133f 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.16.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-high-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-high-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-4.15.yml index 80bc7221e3d..65bbafd49eb 100644 --- a/tests/assertions/ocp4/ocp4-moderate-4.15.yml +++ b/tests/assertions/ocp4/ocp4-moderate-4.15.yml @@ -1,10 +1,8 @@ rule_results: e2e-moderate-accounts-restrict-service-account-tokens: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-accounts-unique-service-account: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-api-server-admission-control-plugin-alwaysadmit: default_result: PASS result_after_remediation: PASS @@ -163,7 +161,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-cluster-wide-proxy-set: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-compliance-notification-enabled: default_result: PASS result_after_remediation: PASS @@ -241,19 +238,14 @@ rule_results: result_after_remediation: PASS e2e-moderate-general-apply-scc: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-general-configure-imagepolicywebhook: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-general-default-namespace-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-general-default-seccomp-profile: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-general-namespaces-in-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-idp-is-configured: default_result: FAIL result_after_remediation: PASS @@ -265,7 +257,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-kubeadmin-removed: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-kubelet-configure-tls-cert: default_result: PASS result_after_remediation: PASS @@ -286,10 +277,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-ocp-allowed-registries: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-ocp-allowed-registries-for-import: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-ocp-api-server-audit-log-maxbackup: default_result: PASS result_after_remediation: PASS @@ -319,19 +308,14 @@ rule_results: result_after_remediation: PASS e2e-moderate-rbac-least-privilege: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-rbac-limit-cluster-admin: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-rbac-limit-secrets-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-rbac-pod-creation-access: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-rbac-wildcard-use: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-resource-requests-limits-in-daemonset: default_result: PASS result_after_remediation: PASS @@ -358,31 +342,23 @@ rule_results: result_after_remediation: PASS e2e-moderate-scc-drop-container-capabilities: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-container-allowed-capabilities: default_result: PASS result_after_remediation: PASS e2e-moderate-scc-limit-ipc-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-net-raw-capability: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-network-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-privilege-escalation: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-privileged-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-process-id-namespace: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scc-limit-root-containers: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-scheduler-profiling-protected-by-rbac: default_result: PASS result_after_remediation: PASS @@ -391,7 +367,5 @@ rule_results: result_after_remediation: PASS e2e-moderate-secrets-consider-external-storage: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-secrets-no-environment-variables: default_result: MANUAL - result_after_remediation: MANUAL diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml index 9ba23c0c906..85cb5fd0461 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml index 9ba23c0c906..85cb5fd0461 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml index 9ba23c0c906..85cb5fd0461 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml index 9ba23c0c906..85cb5fd0461 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml @@ -202,7 +202,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -349,13 +348,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-master-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-master-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS @@ -562,7 +558,6 @@ rule_results: result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -709,13 +704,10 @@ rule_results: result_after_remediation: PASS e2e-moderate-node-worker-partition-for-var-log-kube-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-oauth-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-partition-for-var-log-openshift-apiserver: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-node-worker-reject-unsigned-images-by-default: default_result: FAIL result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.13.yml b/tests/assertions/ocp4/ocp4-stig-node-4.13.yml index 74af6368be7..98490b142a3 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.13.yml @@ -178,7 +178,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -496,7 +495,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml index 74af6368be7..98490b142a3 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml @@ -178,7 +178,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -496,7 +495,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml index 74af6368be7..98490b142a3 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml @@ -178,7 +178,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -496,7 +495,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.16.yml b/tests/assertions/ocp4/ocp4-stig-node-4.16.yml index 74af6368be7..98490b142a3 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.16.yml @@ -178,7 +178,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-master-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-master-file-permissions-controller-manager-kubeconfig: default_result: PASS result_after_remediation: PASS @@ -496,7 +495,6 @@ rule_results: result_after_remediation: PASS e2e-stig-node-worker-file-permissions-cni-conf: default_result: FAIL - result_after_remediation: FAIL e2e-stig-node-worker-file-permissions-controller-manager-kubeconfig: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-high-4.15.yml b/tests/assertions/ocp4/rhcos4-high-4.15.yml index 29041be8faa..3c064a56d60 100644 --- a/tests/assertions/ocp4/rhcos4-high-4.15.yml +++ b/tests/assertions/ocp4/rhcos4-high-4.15.yml @@ -385,7 +385,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -574,10 +573,8 @@ rule_results: result_after_remediation: PASS e2e-high-master-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -607,7 +604,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-high-master-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -616,7 +612,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-high-master-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -718,7 +713,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -1108,7 +1102,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -1297,10 +1290,8 @@ rule_results: result_after_remediation: PASS e2e-high-worker-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -1330,7 +1321,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-high-worker-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -1339,7 +1329,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-high-worker-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -1441,7 +1430,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-high-4.16.yml b/tests/assertions/ocp4/rhcos4-high-4.16.yml index 4fd47643360..9ca50cf77fc 100644 --- a/tests/assertions/ocp4/rhcos4-high-4.16.yml +++ b/tests/assertions/ocp4/rhcos4-high-4.16.yml @@ -385,7 +385,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -574,10 +573,8 @@ rule_results: result_after_remediation: PASS e2e-high-master-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -607,7 +604,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-high-master-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -616,7 +612,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-high-master-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -718,7 +713,6 @@ rule_results: result_after_remediation: PASS e2e-high-master-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-master-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -1108,7 +1102,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -1297,10 +1290,8 @@ rule_results: result_after_remediation: PASS e2e-high-worker-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -1330,7 +1321,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-high-worker-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -1339,7 +1329,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-high-worker-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -1441,7 +1430,6 @@ rule_results: result_after_remediation: PASS e2e-high-worker-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-high-worker-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.14.yml b/tests/assertions/ocp4/rhcos4-moderate-4.14.yml index 22132593238..f4a6b3328ea 100644 --- a/tests/assertions/ocp4/rhcos4-moderate-4.14.yml +++ b/tests/assertions/ocp4/rhcos4-moderate-4.14.yml @@ -385,7 +385,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -574,10 +573,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -604,7 +601,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-master-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -613,7 +609,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-master-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -715,7 +710,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -1105,7 +1099,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -1294,10 +1287,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -1324,7 +1315,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-worker-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -1333,7 +1323,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-worker-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -1435,7 +1424,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.15.yml b/tests/assertions/ocp4/rhcos4-moderate-4.15.yml index 22132593238..f4a6b3328ea 100644 --- a/tests/assertions/ocp4/rhcos4-moderate-4.15.yml +++ b/tests/assertions/ocp4/rhcos4-moderate-4.15.yml @@ -385,7 +385,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -574,10 +573,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -604,7 +601,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-master-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -613,7 +609,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-master-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -715,7 +710,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -1105,7 +1099,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -1294,10 +1287,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -1324,7 +1315,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-worker-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -1333,7 +1323,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-worker-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -1435,7 +1424,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.16.yml b/tests/assertions/ocp4/rhcos4-moderate-4.16.yml index e743a037b7d..0e8a2f605aa 100644 --- a/tests/assertions/ocp4/rhcos4-moderate-4.16.yml +++ b/tests/assertions/ocp4/rhcos4-moderate-4.16.yml @@ -385,7 +385,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -574,10 +573,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -604,7 +601,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-master-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -613,7 +609,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-master-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -715,7 +710,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-master-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-master-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE @@ -1105,7 +1099,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-bios-disable-usb-boot: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-chronyd-client-only: default_result: FAIL result_after_remediation: PASS @@ -1294,10 +1287,8 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-partition-for-var-log: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-require-singleuser-auth: default_result: PASS result_after_remediation: PASS @@ -1324,7 +1315,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-service-systemd-coredump-disabled: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-worker-service-usbguard-enabled: default_result: FAIL result_after_remediation: PASS @@ -1333,7 +1323,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-sshd-limit-user-access: default_result: FAIL - result_after_remediation: FAIL e2e-moderate-worker-sshd-set-keepalive-0: default_result: FAIL result_after_remediation: PASS @@ -1435,7 +1424,6 @@ rule_results: result_after_remediation: PASS e2e-moderate-worker-wireless-disable-in-bios: default_result: MANUAL - result_after_remediation: MANUAL e2e-moderate-worker-wireless-disable-interfaces: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-stig-4.14.yml b/tests/assertions/ocp4/rhcos4-stig-4.14.yml index 14e27cda3e4..04fbb61a775 100644 --- a/tests/assertions/ocp4/rhcos4-stig-4.14.yml +++ b/tests/assertions/ocp4/rhcos4-stig-4.14.yml @@ -325,7 +325,6 @@ rule_results: result_after_remediation: PASS e2e-stig-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-stig-master-selinux-policytype: default_result: PASS result_after_remediation: PASS @@ -682,7 +681,6 @@ rule_results: result_after_remediation: PASS e2e-stig-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-stig-worker-selinux-policytype: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-stig-4.15.yml b/tests/assertions/ocp4/rhcos4-stig-4.15.yml index 14e27cda3e4..04fbb61a775 100644 --- a/tests/assertions/ocp4/rhcos4-stig-4.15.yml +++ b/tests/assertions/ocp4/rhcos4-stig-4.15.yml @@ -325,7 +325,6 @@ rule_results: result_after_remediation: PASS e2e-stig-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-stig-master-selinux-policytype: default_result: PASS result_after_remediation: PASS @@ -682,7 +681,6 @@ rule_results: result_after_remediation: PASS e2e-stig-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-stig-worker-selinux-policytype: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/rhcos4-stig-4.16.yml b/tests/assertions/ocp4/rhcos4-stig-4.16.yml index 14e27cda3e4..04fbb61a775 100644 --- a/tests/assertions/ocp4/rhcos4-stig-4.16.yml +++ b/tests/assertions/ocp4/rhcos4-stig-4.16.yml @@ -325,7 +325,6 @@ rule_results: result_after_remediation: PASS e2e-stig-master-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-stig-master-selinux-policytype: default_result: PASS result_after_remediation: PASS @@ -682,7 +681,6 @@ rule_results: result_after_remediation: PASS e2e-stig-worker-partition-for-var-log-audit: default_result: MANUAL - result_after_remediation: MANUAL e2e-stig-worker-selinux-policytype: default_result: PASS result_after_remediation: PASS From 9377ad688634a06dd6ba935ec4c8b3c38743bb44 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Tue, 23 Apr 2024 03:52:56 -0700 Subject: [PATCH 7/9] RHCOS add assertion files Added rhcos4-high,rhcos4-moderate, rhcos4-stig assertion fiels --- tests/assertions/ocp4/rhcos4-high-4.13.yml | 1447 +++++++++ tests/assertions/ocp4/rhcos4-high-4.14.yml | 2894 ++++++++--------- .../assertions/ocp4/rhcos4-moderate-4.13.yml | 1429 ++++++++ tests/assertions/ocp4/rhcos4-stig-4.13.yml | 713 ++++ 4 files changed, 5036 insertions(+), 1447 deletions(-) create mode 100644 tests/assertions/ocp4/rhcos4-high-4.13.yml create mode 100644 tests/assertions/ocp4/rhcos4-moderate-4.13.yml create mode 100644 tests/assertions/ocp4/rhcos4-stig-4.13.yml diff --git a/tests/assertions/ocp4/rhcos4-high-4.13.yml b/tests/assertions/ocp4/rhcos4-high-4.13.yml new file mode 100644 index 00000000000..29041be8faa --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-high-4.13.yml @@ -0,0 +1,1447 @@ +rule_results: + e2e-high-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-high-4.14.yml b/tests/assertions/ocp4/rhcos4-high-4.14.yml index 3a367d2aea2..29041be8faa 100644 --- a/tests/assertions/ocp4/rhcos4-high-4.14.yml +++ b/tests/assertions/ocp4/rhcos4-high-4.14.yml @@ -1,1447 +1,1447 @@ - rule_results: - e2e-high-master-accounts-no-uid-except-zero: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-chmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-chown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-fchmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-fchmodat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-fchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-fchownat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-fremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-fsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-lchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-lremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-lsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-removexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-dac-modification-setxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-group-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-group-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-group-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-gshadow-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-gshadow-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-gshadow-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-passwd-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-passwd-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-passwd-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-shadow-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-shadow-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-etc-shadow-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-execution-chcon: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-execution-restorecon: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-execution-semanage: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-execution-setfiles: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-execution-setsebool: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-execution-seunshare: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-file-deletion-events-rename: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-file-deletion-events-renameat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-file-deletion-events-rmdir: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-file-deletion-events-unlink: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-file-deletion-events-unlinkat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-immutable: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-kernel-module-loading-delete: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-kernel-module-loading-finit: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-kernel-module-loading-init: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-login-events-faillock: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-login-events-lastlog: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-login-events-tallylog: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-mac-modification: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-media-export: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-networkconfig-modification: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-chage: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-chsh: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-crontab: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-gpasswd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-mount: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-newgidmap: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-newgrp: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-newuidmap: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-pam-timestamp-check: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-passwd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-postdrop: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-postqueue: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-pt-chown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-ssh-keysign: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-su: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-sudo: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-sudoedit: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-umount: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-unix-chkpwd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-userhelper: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-privileged-commands-usernetctl: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-session-events: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-sysadmin-actions: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-time-adjtimex: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-time-clock-settime: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-time-settimeofday: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-time-stime: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-time-watch-localtime: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-chmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-chown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-fchmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-fchmodat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-fchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-fchownat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-fremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-fsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-ftruncate: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-lchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-lremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-lsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-open-rule-order: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-openat-rule-order: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-removexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-rename: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-renameat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-setxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-truncate: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-unlink: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-unsuccessful-file-modification-unlinkat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-usergroup-modification-group: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-usergroup-modification-gshadow: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-usergroup-modification-opasswd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-usergroup-modification-passwd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-audit-rules-usergroup-modification-shadow: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-auditd-data-disk-error-action: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-auditd-data-disk-full-action: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-admin-space-left-action: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-flush: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-max-log-file: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-max-log-file-action: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-num-logs: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-space-left: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-auditd-data-retention-space-left-action: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-freq: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-local-events: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-log-format: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-auditd-name-format: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-auditd-write-logs: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-banner-etc-issue: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-bios-disable-usb-boot: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-master-chronyd-client-only: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-chronyd-no-chronyc-network: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-chronyd-or-ntpd-set-maxpoll: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-chronyd-or-ntpd-specify-multiple-servers: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-chronyd-or-ntpd-specify-remote-server: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-configure-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-configure-kerberos-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-configure-openssl-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-configure-ssh-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-configure-usbguard-auditbackend: - default_result: NOT-APPLICABLE - result_after_remediation: PASS - e2e-high-master-coredump-disable-backtraces: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coredump-disable-storage: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coreos-audit-backlog-limit-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coreos-audit-option: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coreos-disable-interactive-boot: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-coreos-enable-selinux-kernel-argument: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-coreos-nousb-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coreos-page-poison-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coreos-pti-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-coreos-vsyscall-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-directory-access-var-log-audit: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-directory-permissions-var-log-audit: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-disable-ctrlaltdel-burstaction: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-disable-ctrlaltdel-reboot: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-disable-users-coredumps: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-enable-fips-mode: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-ensure-logrotate-activated: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-file-groupowner-sshd-config: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-file-owner-sshd-config: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-file-ownership-var-log-audit: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-file-permissions-sshd-config: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-file-permissions-sshd-private-key: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-file-permissions-sshd-pub-key: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-file-permissions-var-log-audit: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-kernel-module-atm-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-bluetooth-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-can-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-cfg80211-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-cramfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-firewire-core-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-freevxfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-hfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-hfsplus-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-iwlmvm-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-iwlwifi-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-jffs2-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-mac80211-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-sctp-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-squashfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-tipc-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-udf-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-kernel-module-usb-storage-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-no-direct-root-logins: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-no-empty-passwords: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-no-netrc-files: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-no-shelllogin-for-systemaccounts: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-no-tmux-in-shells: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-package-audit-installed: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-package-iptables-installed: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-high-master-package-iptables-nft-installed: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-package-sudo-installed: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-package-usbguard-installed: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-partition-for-var-log: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-master-partition-for-var-log-audit: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-master-require-singleuser-auth: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-selinux-policytype: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-selinux-state: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-service-auditd-enabled: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-service-autofs-disabled: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-high-master-service-bluetooth-disabled: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-service-chronyd-or-ntpd-enabled: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-service-debug-shell-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-service-sshd-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-service-systemd-coredump-disabled: - default_result: FAIL - result_after_remediation: FAIL - e2e-high-master-service-usbguard-enabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sshd-disable-rhosts: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sshd-limit-user-access: - default_result: FAIL - result_after_remediation: FAIL - e2e-high-master-sshd-set-keepalive-0: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-fs-protected-hardlinks: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-sysctl-fs-protected-symlinks: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-core-pattern: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-dmesg-restrict: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-kexec-load-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-kptr-restrict: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-perf-event-paranoid: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-unprivileged-bpf-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-kernel-yama-ptrace-scope: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-core-bpf-jit-harden: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-all-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-all-accept-source-route: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-all-log-martians: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-all-rp-filter: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-all-secure-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-all-send-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-default-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-default-accept-source-route: - default_result: PASS - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-default-log-martians: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-default-rp-filter: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-default-secure-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-conf-default-send-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv4-tcp-syncookies: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv6-conf-all-accept-ra: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv6-conf-all-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv6-conf-all-accept-source-route: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv6-conf-default-accept-ra: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv6-conf-default-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-sysctl-net-ipv6-conf-default-accept-source-route: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-usbguard-allow-hid-and-hub: - default_result: FAIL - result_after_remediation: PASS - e2e-high-master-wireless-disable-in-bios: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-master-wireless-disable-interfaces: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-high-worker-accounts-no-uid-except-zero: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-chmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-chown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-fchmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-fchmodat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-fchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-fchownat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-fremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-fsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-lchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-lremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-lsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-removexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-dac-modification-setxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-group-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-group-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-group-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-gshadow-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-gshadow-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-gshadow-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-passwd-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-passwd-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-passwd-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-shadow-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-shadow-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-etc-shadow-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-execution-chcon: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-execution-restorecon: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-execution-semanage: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-execution-setfiles: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-execution-setsebool: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-execution-seunshare: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-file-deletion-events-rename: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-file-deletion-events-renameat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-file-deletion-events-rmdir: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-file-deletion-events-unlink: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-file-deletion-events-unlinkat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-immutable: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-kernel-module-loading-delete: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-kernel-module-loading-finit: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-kernel-module-loading-init: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-login-events-faillock: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-login-events-lastlog: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-login-events-tallylog: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-mac-modification: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-media-export: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-networkconfig-modification: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-chage: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-chsh: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-crontab: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-gpasswd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-mount: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-newgidmap: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-newgrp: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-newuidmap: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-pam-timestamp-check: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-passwd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-postdrop: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-postqueue: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-pt-chown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-ssh-keysign: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-su: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-sudo: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-sudoedit: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-umount: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-unix-chkpwd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-userhelper: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-privileged-commands-usernetctl: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-session-events: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-sysadmin-actions: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-time-adjtimex: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-time-clock-settime: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-time-settimeofday: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-time-stime: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-time-watch-localtime: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-chmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-chown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmod: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmodat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-fchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-fchownat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-fremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-fsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-ftruncate: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-lchown: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-lremovexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-lsetxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-open-rule-order: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-openat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-removexattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-rename: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-renameat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-setxattr: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-truncate: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-unlink: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-unsuccessful-file-modification-unlinkat: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-usergroup-modification-group: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-usergroup-modification-gshadow: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-usergroup-modification-opasswd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-usergroup-modification-passwd: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-audit-rules-usergroup-modification-shadow: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-auditd-data-disk-error-action: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-auditd-data-disk-full-action: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-admin-space-left-action: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-flush: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-max-log-file: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-max-log-file-action: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-num-logs: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-space-left: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-auditd-data-retention-space-left-action: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-freq: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-local-events: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-log-format: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-auditd-name-format: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-auditd-write-logs: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-banner-etc-issue: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-bios-disable-usb-boot: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-worker-chronyd-client-only: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-chronyd-no-chronyc-network: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-chronyd-or-ntpd-set-maxpoll: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-chronyd-or-ntpd-specify-multiple-servers: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-chronyd-or-ntpd-specify-remote-server: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-configure-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-configure-kerberos-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-configure-openssl-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-configure-ssh-crypto-policy: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-configure-usbguard-auditbackend: - default_result: NOT-APPLICABLE - result_after_remediation: PASS - e2e-high-worker-coredump-disable-backtraces: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coredump-disable-storage: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coreos-audit-backlog-limit-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coreos-audit-option: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coreos-disable-interactive-boot: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-coreos-enable-selinux-kernel-argument: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-coreos-nousb-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coreos-page-poison-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coreos-pti-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-coreos-vsyscall-kernel-argument: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-directory-access-var-log-audit: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-directory-permissions-var-log-audit: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-disable-ctrlaltdel-burstaction: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-disable-ctrlaltdel-reboot: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-disable-users-coredumps: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-enable-fips-mode: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-ensure-logrotate-activated: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-file-groupowner-sshd-config: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-file-owner-sshd-config: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-file-ownership-var-log-audit: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-file-permissions-sshd-config: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-file-permissions-sshd-private-key: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-file-permissions-sshd-pub-key: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-file-permissions-var-log-audit: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-kernel-module-atm-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-bluetooth-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-can-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-cfg80211-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-cramfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-firewire-core-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-freevxfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-hfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-hfsplus-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-iwlmvm-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-iwlwifi-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-jffs2-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-mac80211-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-sctp-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-squashfs-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-tipc-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-udf-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-kernel-module-usb-storage-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-no-direct-root-logins: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-no-empty-passwords: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-no-netrc-files: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-no-shelllogin-for-systemaccounts: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-no-tmux-in-shells: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-package-audit-installed: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-package-iptables-installed: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-high-worker-package-iptables-nft-installed: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-package-sudo-installed: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-package-usbguard-installed: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-partition-for-var-log: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-worker-partition-for-var-log-audit: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-worker-require-singleuser-auth: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-selinux-policytype: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-selinux-state: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-service-auditd-enabled: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-service-autofs-disabled: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE - e2e-high-worker-service-bluetooth-disabled: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-service-chronyd-or-ntpd-enabled: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-service-debug-shell-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-service-sshd-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-service-systemd-coredump-disabled: - default_result: FAIL - result_after_remediation: FAIL - e2e-high-worker-service-usbguard-enabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sshd-disable-rhosts: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sshd-limit-user-access: - default_result: FAIL - result_after_remediation: FAIL - e2e-high-worker-sshd-set-keepalive-0: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-fs-protected-hardlinks: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-sysctl-fs-protected-symlinks: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-core-pattern: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-dmesg-restrict: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-kexec-load-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-kptr-restrict: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-perf-event-paranoid: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-unprivileged-bpf-disabled: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-kernel-yama-ptrace-scope: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-core-bpf-jit-harden: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-all-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-all-accept-source-route: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-all-log-martians: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-all-rp-filter: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-all-secure-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-all-send-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-default-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-default-accept-source-route: - default_result: PASS - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-default-log-martians: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-default-rp-filter: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-default-secure-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-conf-default-send-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv4-tcp-syncookies: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-usbguard-allow-hid-and-hub: - default_result: FAIL - result_after_remediation: PASS - e2e-high-worker-wireless-disable-in-bios: - default_result: MANUAL - result_after_remediation: MANUAL - e2e-high-worker-wireless-disable-interfaces: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE +rule_results: + e2e-high-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-master-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-bios-disable-usb-boot: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-high-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-partition-for-var-log: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-partition-for-var-log-audit: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-high-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-service-systemd-coredump-disabled: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sshd-limit-user-access: + default_result: FAIL + result_after_remediation: FAIL + e2e-high-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-high-worker-wireless-disable-in-bios: + default_result: MANUAL + result_after_remediation: MANUAL + e2e-high-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-moderate-4.13.yml b/tests/assertions/ocp4/rhcos4-moderate-4.13.yml new file mode 100644 index 00000000000..f4a6b3328ea --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-moderate-4.13.yml @@ -0,0 +1,1429 @@ +rule_results: + e2e-moderate-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-bios-disable-usb-boot: + default_result: MANUAL + e2e-moderate-master-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-partition-for-var-log: + default_result: MANUAL + e2e-moderate-master-partition-for-var-log-audit: + default_result: MANUAL + e2e-moderate-master-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-master-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-service-systemd-coredump-disabled: + default_result: FAIL + e2e-moderate-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sshd-limit-user-access: + default_result: FAIL + e2e-moderate-master-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-master-wireless-disable-in-bios: + default_result: MANUAL + e2e-moderate-master-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-group-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-gshadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-passwd-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-etc-shadow-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-mac-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-newuidmap: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-privileged-commands-usernetctl: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-open-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-o-trunc-write: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-openat-rule-order: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-disk-full-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-admin-space-left-action: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-max-log-file-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-num-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-data-retention-space-left-action: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-banner-etc-issue: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-bios-disable-usb-boot: + default_result: MANUAL + e2e-moderate-worker-chronyd-client-only: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-no-chronyc-network: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-set-maxpoll: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-multiple-servers: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-kerberos-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-openssl-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-backtraces: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coredump-disable-storage: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-disable-interactive-boot: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-coreos-nousb-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-pti-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-access-var-log-audit: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-directory-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-burstaction: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-ctrlaltdel-reboot: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-disable-users-coredumps: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-enable-fips-mode: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-ensure-logrotate-activated: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-file-groupowner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-owner-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-config: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-private-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-sshd-pub-key: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-atm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-bluetooth-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-can-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cfg80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-cramfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-firewire-core-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-freevxfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-hfsplus-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlmvm-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-iwlwifi-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-jffs2-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-mac80211-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-sctp-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-squashfs-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-tipc-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-udf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-direct-root-logins: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-no-netrc-files: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-shelllogin-for-systemaccounts: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-no-tmux-in-shells: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-package-audit-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-iptables-installed: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-package-iptables-nft-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-sudo-installed: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-partition-for-var-log: + default_result: MANUAL + e2e-moderate-worker-partition-for-var-log-audit: + default_result: MANUAL + e2e-moderate-worker-require-singleuser-auth: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-auditd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-autofs-disabled: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE + e2e-moderate-worker-service-bluetooth-disabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-service-debug-shell-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-service-systemd-coredump-disabled: + default_result: FAIL + e2e-moderate-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sshd-limit-user-access: + default_result: FAIL + e2e-moderate-worker-sshd-set-keepalive-0: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-hardlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-fs-protected-symlinks: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-core-pattern: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kexec-load-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-all-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-accept-source-route: + default_result: PASS + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-log-martians: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-rp-filter: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-secure-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-conf-default-send-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-echo-ignore-broadcasts: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-icmp-ignore-bogus-error-responses: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv4-tcp-syncookies: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-all-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-ra: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-redirects: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-sysctl-net-ipv6-conf-default-accept-source-route: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-moderate-worker-wireless-disable-in-bios: + default_result: MANUAL + e2e-moderate-worker-wireless-disable-interfaces: + default_result: NOT-APPLICABLE + result_after_remediation: NOT-APPLICABLE diff --git a/tests/assertions/ocp4/rhcos4-stig-4.13.yml b/tests/assertions/ocp4/rhcos4-stig-4.13.yml new file mode 100644 index 00000000000..04fbb61a775 --- /dev/null +++ b/tests/assertions/ocp4/rhcos4-stig-4.13.yml @@ -0,0 +1,713 @@ +rule_results: + e2e-stig-master-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-master-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-partition-for-var-log-audit: + default_result: MANUAL + e2e-stig-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-master-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-master-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-access-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-create-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-delete-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-immutable-login-uids: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-modify-failed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmod: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchmodat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fchownat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-fsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lchown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lremovexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-lsetxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-removexattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-setxattr: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-dac-modification-umount2: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-rmdir: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-file-deletion-events-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-immutable: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-media-export: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chage: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-chsh: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-crontab: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-dbus-daemon-launch-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-fusermount3: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-gpasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-grub2-set-bootflag: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-mount-nfs: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-newgrp: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pam-timestamp-check: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pkexec: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-polkit-helper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postdrop: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-postqueue: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-pt-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-ssh-keysign: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-krb5-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-ldap-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-proxy-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sssd-selinux-child: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-su: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudo: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-sudoedit: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-umount: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-unix-chkpwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-userhelper: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-utempter: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-privileged-commands-write: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-session-events: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-creat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-ftruncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-open-by-handle-at: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-openat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-rename: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-renameat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-truncate: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlink: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-unsuccessful-file-modification-unlinkat: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-group: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-gshadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-opasswd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-passwd: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-audit-rules-usergroup-modification-shadow: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-disk-error-action: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-auditd-data-retention-max-log-file-action-stig: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-bios-enable-execution-restrictions: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-chronyd-or-ntpd-specify-remote-server: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-configure-usbguard-auditbackend: + default_result: NOT-APPLICABLE + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-backlog-limit-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-audit-option: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-enable-selinux-kernel-argument: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-coreos-page-poison-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-slub-debug-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-coreos-vsyscall-kernel-argument: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-groupowner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-owner-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-ownership-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-system-journal: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-file-permissions-var-log-audit: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-kernel-module-usb-storage-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-package-usbguard-installed: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-partition-for-var-log-audit: + default_result: MANUAL + e2e-stig-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-chronyd-or-ntpd-enabled: + default_result: PASS + result_after_remediation: PASS + e2e-stig-worker-service-sshd-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-service-usbguard-enabled: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-perf-event-paranoid: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-stig-worker-usbguard-allow-hid-and-hub: + default_result: FAIL + result_after_remediation: PASS From 5e77fd4be5a467479618af06e52580cc396fa1e6 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Tue, 23 Apr 2024 13:41:02 -0700 Subject: [PATCH 8/9] Fix CI result Fix rule result for file-owner-ovn-db-files, file-permissions-ovn-cni-server-sock and file-permissions-ovn-db-files --- tests/assertions/ocp4/ocp4-cis-node-4.13.yml | 20 +++++------ tests/assertions/ocp4/ocp4-cis-node-4.14.yml | 20 +++++------ tests/assertions/ocp4/ocp4-cis-node-4.15.yml | 20 +++++------ tests/assertions/ocp4/ocp4-cis-node-4.16.yml | 20 +++++------ tests/assertions/ocp4/ocp4-high-node-4.13.yml | 36 +++++++------------ tests/assertions/ocp4/ocp4-high-node-4.14.yml | 36 +++++++------------ tests/assertions/ocp4/ocp4-high-node-4.15.yml | 36 +++++++------------ tests/assertions/ocp4/ocp4-high-node-4.16.yml | 36 +++++++------------ .../ocp4/ocp4-moderate-node-4.13.yml | 36 +++++++------------ .../ocp4/ocp4-moderate-node-4.14.yml | 36 +++++++------------ .../ocp4/ocp4-moderate-node-4.15.yml | 36 +++++++------------ .../ocp4/ocp4-moderate-node-4.16.yml | 36 +++++++------------ .../ocp4/ocp4-pci-dss-node-4.13.yml | 20 +++++------ .../ocp4/ocp4-pci-dss-node-4.14.yml | 20 +++++------ .../ocp4/ocp4-pci-dss-node-4.15.yml | 20 +++++------ .../ocp4/ocp4-pci-dss-node-4.16.yml | 20 +++++------ tests/assertions/ocp4/ocp4-stig-node-4.13.yml | 36 +++++++------------ tests/assertions/ocp4/ocp4-stig-node-4.14.yml | 36 +++++++------------ tests/assertions/ocp4/ocp4-stig-node-4.15.yml | 36 +++++++------------ tests/assertions/ocp4/ocp4-stig-node-4.16.yml | 36 +++++++------------ 20 files changed, 224 insertions(+), 368 deletions(-) diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.13.yml b/tests/assertions/ocp4/ocp4-cis-node-4.13.yml index 00a14f3a53f..daa57369e53 100644 --- a/tests/assertions/ocp4/ocp4-cis-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-cis-node-4.13.yml @@ -34,7 +34,7 @@ rule_results: e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovs-conf-db: @@ -92,9 +92,9 @@ rule_results: e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db-lock: @@ -144,9 +144,9 @@ rule_results: e2e-cis-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-cis-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db-lock: @@ -234,7 +234,7 @@ rule_results: e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovs-conf-db: @@ -292,9 +292,9 @@ rule_results: e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db-lock: @@ -344,9 +344,9 @@ rule_results: e2e-cis-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.14.yml b/tests/assertions/ocp4/ocp4-cis-node-4.14.yml index 00a14f3a53f..daa57369e53 100644 --- a/tests/assertions/ocp4/ocp4-cis-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-cis-node-4.14.yml @@ -34,7 +34,7 @@ rule_results: e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovs-conf-db: @@ -92,9 +92,9 @@ rule_results: e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db-lock: @@ -144,9 +144,9 @@ rule_results: e2e-cis-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-cis-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db-lock: @@ -234,7 +234,7 @@ rule_results: e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovs-conf-db: @@ -292,9 +292,9 @@ rule_results: e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db-lock: @@ -344,9 +344,9 @@ rule_results: e2e-cis-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.15.yml b/tests/assertions/ocp4/ocp4-cis-node-4.15.yml index 00a14f3a53f..daa57369e53 100644 --- a/tests/assertions/ocp4/ocp4-cis-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-cis-node-4.15.yml @@ -34,7 +34,7 @@ rule_results: e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovs-conf-db: @@ -92,9 +92,9 @@ rule_results: e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db-lock: @@ -144,9 +144,9 @@ rule_results: e2e-cis-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-cis-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db-lock: @@ -234,7 +234,7 @@ rule_results: e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovs-conf-db: @@ -292,9 +292,9 @@ rule_results: e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db-lock: @@ -344,9 +344,9 @@ rule_results: e2e-cis-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-cis-node-4.16.yml b/tests/assertions/ocp4/ocp4-cis-node-4.16.yml index 00a14f3a53f..daa57369e53 100644 --- a/tests/assertions/ocp4/ocp4-cis-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-cis-node-4.16.yml @@ -34,7 +34,7 @@ rule_results: e2e-cis-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-master-file-groupowner-ovs-conf-db: @@ -92,9 +92,9 @@ rule_results: e2e-cis-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-owner-ovs-conf-db-lock: @@ -144,9 +144,9 @@ rule_results: e2e-cis-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-cis-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-master-file-permissions-ovs-conf-db-lock: @@ -234,7 +234,7 @@ rule_results: e2e-cis-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-groupowner-ovs-conf-db: @@ -292,9 +292,9 @@ rule_results: e2e-cis-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-owner-ovs-conf-db-lock: @@ -344,9 +344,9 @@ rule_results: e2e-cis-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-cis-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-cis-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-high-node-4.13.yml b/tests/assertions/ocp4/ocp4-high-node-4.13.yml index 5d7ea62133f..90731c37e3a 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.13.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-high-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.14.yml b/tests/assertions/ocp4/ocp4-high-node-4.14.yml index 5d7ea62133f..90731c37e3a 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.14.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-high-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.15.yml b/tests/assertions/ocp4/ocp4-high-node-4.15.yml index 5d7ea62133f..90731c37e3a 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.15.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-high-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-high-node-4.16.yml b/tests/assertions/ocp4/ocp4-high-node-4.16.yml index 5d7ea62133f..90731c37e3a 100644 --- a/tests/assertions/ocp4/ocp4-high-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-high-node-4.16.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-high-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-high-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-high-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml index 85cb5fd0461..3ee235da4ec 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.13.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml index 85cb5fd0461..3ee235da4ec 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.14.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml index 85cb5fd0461..3ee235da4ec 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.15.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml b/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml index 85cb5fd0461..3ee235da4ec 100644 --- a/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-moderate-node-4.16.yml @@ -69,11 +69,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -156,11 +154,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -245,11 +241,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-moderate-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -425,11 +419,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -512,11 +504,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -601,11 +591,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-moderate-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-moderate-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml index 8d442ed3fe2..0ac2601980a 100644 --- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.13.yml @@ -40,7 +40,7 @@ rule_results: e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: @@ -98,9 +98,9 @@ rule_results: e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: @@ -156,9 +156,9 @@ rule_results: e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: @@ -266,7 +266,7 @@ rule_results: e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: @@ -324,9 +324,9 @@ rule_results: e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: @@ -382,9 +382,9 @@ rule_results: e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml index 8d442ed3fe2..0ac2601980a 100644 --- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.14.yml @@ -40,7 +40,7 @@ rule_results: e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: @@ -98,9 +98,9 @@ rule_results: e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: @@ -156,9 +156,9 @@ rule_results: e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: @@ -266,7 +266,7 @@ rule_results: e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: @@ -324,9 +324,9 @@ rule_results: e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: @@ -382,9 +382,9 @@ rule_results: e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml index 8d442ed3fe2..0ac2601980a 100644 --- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.15.yml @@ -40,7 +40,7 @@ rule_results: e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: @@ -98,9 +98,9 @@ rule_results: e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: @@ -156,9 +156,9 @@ rule_results: e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: @@ -266,7 +266,7 @@ rule_results: e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: @@ -324,9 +324,9 @@ rule_results: e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: @@ -382,9 +382,9 @@ rule_results: e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml b/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml index 8d442ed3fe2..0ac2601980a 100644 --- a/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-pci-dss-node-4.16.yml @@ -40,7 +40,7 @@ rule_results: e2e-pci-dss-node-master-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-groupowner-ovs-conf-db: @@ -98,9 +98,9 @@ rule_results: e2e-pci-dss-node-master-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-owner-ovs-conf-db-lock: @@ -156,9 +156,9 @@ rule_results: e2e-pci-dss-node-master-file-permissions-openshift-pki-key-files: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-master-file-permissions-ovs-conf-db-lock: @@ -266,7 +266,7 @@ rule_results: e2e-pci-dss-node-worker-file-groupowner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-groupowner-ovn-db-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-groupowner-ovs-conf-db: @@ -324,9 +324,9 @@ rule_results: e2e-pci-dss-node-worker-file-owner-openshift-sdn-cniserver-config: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-owner-ovs-conf-db-lock: @@ -382,9 +382,9 @@ rule_results: e2e-pci-dss-node-worker-file-permissions-openshift-pki-key-files: default_result: NOT-APPLICABLE e2e-pci-dss-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE + default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db: default_result: PASS e2e-pci-dss-node-worker-file-permissions-ovs-conf-db-lock: diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.13.yml b/tests/assertions/ocp4/ocp4-stig-node-4.13.yml index 98490b142a3..efbb9ff9c35 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.13.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.13.yml @@ -51,11 +51,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -141,11 +139,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -221,11 +217,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-stig-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -368,11 +362,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -458,11 +450,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -538,11 +528,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml index 98490b142a3..efbb9ff9c35 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.14.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.14.yml @@ -51,11 +51,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -141,11 +139,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -221,11 +217,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-stig-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -368,11 +362,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -458,11 +450,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -538,11 +528,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml index 98490b142a3..efbb9ff9c35 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.15.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.15.yml @@ -51,11 +51,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -141,11 +139,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -221,11 +217,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-stig-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -368,11 +362,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -458,11 +450,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -538,11 +528,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS diff --git a/tests/assertions/ocp4/ocp4-stig-node-4.16.yml b/tests/assertions/ocp4/ocp4-stig-node-4.16.yml index 98490b142a3..efbb9ff9c35 100644 --- a/tests/assertions/ocp4/ocp4-stig-node-4.16.yml +++ b/tests/assertions/ocp4/ocp4-stig-node-4.16.yml @@ -51,11 +51,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -141,11 +139,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-master-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -221,11 +217,9 @@ rule_results: default_result: PASS result_after_remediation: PASS e2e-stig-node-master-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-master-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -368,11 +362,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-groupowner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-groupowner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -458,11 +450,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-owner-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-owner-ovs-conf-db: default_result: PASS result_after_remediation: PASS @@ -538,11 +528,9 @@ rule_results: default_result: NOT-APPLICABLE result_after_remediation: NOT-APPLICABLE e2e-stig-node-worker-file-permissions-ovn-cni-server-sock: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovn-db-files: - default_result: NOT-APPLICABLE - result_after_remediation: NOT-APPLICABLE + default_result: PASS e2e-stig-node-worker-file-permissions-ovs-conf-db: default_result: PASS result_after_remediation: PASS From eb04585275369a96f182bb43f8b0c5bc38055869 Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Fri, 26 Apr 2024 14:00:46 -0700 Subject: [PATCH 9/9] Add rhcos4-high-4.16 assertion file --- tests/assertions/ocp4/rhcos4-e8-4.16.yml | 301 +++++++++++++++++++++++ 1 file changed, 301 insertions(+) diff --git a/tests/assertions/ocp4/rhcos4-e8-4.16.yml b/tests/assertions/ocp4/rhcos4-e8-4.16.yml index e69de29bb2d..9061af8422f 100644 --- a/tests/assertions/ocp4/rhcos4-e8-4.16.yml +++ b/tests/assertions/ocp4/rhcos4-e8-4.16.yml @@ -0,0 +1,301 @@ +rule_results: + e2e-e8-master-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-configure-crypto-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-sshd-disable-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-gssapi-auth: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-disable-user-known-hosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-do-not-permit-user-env: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-enable-strictmodes: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-print-last-log: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sshd-set-loglevel-info: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-master-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-accounts-no-uid-except-zero: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-audit-rules-dac-modification-chmod: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-dac-modification-chown: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-chcon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-restorecon: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-semanage: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-setfiles: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-setsebool: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-execution-seunshare: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-delete: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-finit: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-kernel-module-loading-init: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-faillock: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-lastlog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-login-events-tallylog: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-networkconfig-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-sysadmin-actions: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-adjtimex: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-clock-settime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-settimeofday: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-stime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-time-watch-localtime: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-audit-rules-usergroup-modification: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-auditd-data-retention-flush: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-freq: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-local-events: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-log-format: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-auditd-name-format: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-auditd-write-logs: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-configure-crypto-policy: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-configure-ssh-crypto-policy: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-no-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-selinux-policytype: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-selinux-state: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-empty-passwords: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-gssapi-auth: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-rhosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-root-login: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-disable-user-known-hosts: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-do-not-permit-user-env: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-enable-strictmodes: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-print-last-log: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sshd-set-loglevel-info: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-dmesg-restrict: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-kptr-restrict: + default_result: PASS + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-randomize-va-space: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-unprivileged-bpf-disabled: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-kernel-yama-ptrace-scope: + default_result: FAIL + result_after_remediation: PASS + e2e-e8-worker-sysctl-net-core-bpf-jit-harden: + default_result: FAIL + result_after_remediation: PASS