Skip to content

Comments

RAN Hardening: High Severity #339

Closed
sebrandon1 wants to merge 1 commit intoopenshift-kni:mainfrom
sebrandon1:compliance_high_level_only
Closed

RAN Hardening: High Severity #339
sebrandon1 wants to merge 1 commit intoopenshift-kni:mainfrom
sebrandon1:compliance_high_level_only

Conversation

@sebrandon1
Copy link
Contributor

Related to: #193

PR #193 contains all of the YAMLs for high, medium, and low severity compliance remediations in to one PR. I'm breaking it down by severity level to make it easier for review.

The compliance operator finds the following failures that are designated as high:

$ oc get compliancecheckresult -A | grep high | grep FAIL
openshift-compliance   ocp4-cis-configure-network-policies-namespaces                    FAIL     high
openshift-compliance   rhcos4-e8-master-configure-crypto-policy                          FAIL     high
openshift-compliance   rhcos4-e8-master-no-empty-passwords                               FAIL     high
openshift-compliance   rhcos4-e8-master-sshd-disable-empty-passwords                     FAIL     high
openshift-compliance   rhcos4-e8-worker-configure-crypto-policy                          FAIL     high
openshift-compliance   rhcos4-e8-worker-no-empty-passwords                               FAIL     high
openshift-compliance   rhcos4-e8-worker-sshd-disable-empty-passwords                     FAIL     high

The files in this PR combine all of the remediations for all of the respective paths they modify.

@openshift-ci openshift-ci bot requested review from fedepaol and yanirq August 29, 2025 20:05
@openshift-ci
Copy link

openshift-ci bot commented Aug 29, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sebrandon1
Once this PR has been reviewed and has the lgtm label, please assign irinamihai for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sebrandon1 sebrandon1 force-pushed the compliance_high_level_only branch 2 times, most recently from c1c8bbb to 21b0eee Compare September 3, 2025 19:35
@browsell
Copy link

browsell commented Sep 9, 2025

/hold
There is nothing here that is Telco specific. If this is required it needs to go into the product not something that has to be maintained by Telco.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 9, 2025
@sebrandon1
Copy link
Contributor Author

Closing in favor of: #466

@sebrandon1 sebrandon1 closed this Nov 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants