New RedHat OpenShift Container Platform Plugin and Audit files
Summary
Customers can now measure compliance against RedHat OpenShift Container Platform with new plugin ID 161406 on Tenable.io and Nessus. The plugin is published with a new credential type, OpenShift Container Platform. It retrieves target data through the RedHat OpenShift Container Platform API and evaluates the actual values against a given audit policy; all data retrieval and communication goes through that API.
Additional Notes
Two CIS audits will be released along with the plugin:
CIS RedHat OpenShift Container Platform 4 v1.2.0 Level 1
CIS RedHat OpenShift Container Platform 4 v1.2.0 Level 2
Example audit structure
<check_type: "OpenShift">

<custom_item>
  type           : REST_API
  description    : "Minimize the admission of containers with allowPrivilegeEscalation"
  request        : "getSecurityContextConstraints"
  json_transform : ".items[] | .spec.clusterID as $clusterID | .items[] | \"Cluster ID: \($clusterID), Name: \(.metadata.name), UID: \(.metadata.uid), Allow Privilege Escalation: \(.allowPrivilegeEscalation)\""
  expect         : "Allow Privilege Escalation: false"
</custom_item>

</check_type>
The 'request' tag names the API endpoint the plugin queries for data. The 'json_transform' tag is a jq filter that selects the relevant parts of the returned JSON and renders them as text lines. The optional 'regex' tag filters those lines, and the 'expect' tag is then matched against what remains to produce a passing or failing result. Because 'expect' is matched against the rendered text, a boolean is compared as the lowercase string jq produces (true/false), and a field that is absent renders as null, which does not satisfy "Allow Privilege Escalation: false" and therefore fails rather than silently passing.
Target Release Date
January 27, 2023
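As an added worked example (not part of the original post and not Tenable's plugin code), the following Python models offline what the audit item above does: apply the json_transform to a SecurityContextConstraints list, then evaluate the rendered lines against expect. The SCC list and ClusterVersion objects are constructed samples, trimmed to the fields the transform reads; the pairing of the ClusterVersion clusterID with the SCC list, and the evaluation rule (regex keeps matching lines, every remaining line must match expect), are assumptions about the plugin's behaviour.

```python
"""Offline model of the REST_API audit check for allowPrivilegeEscalation.

Added example, not Tenable's code. Assumptions:
- 'getSecurityContextConstraints' returns the list from
  GET /apis/security.openshift.io/v1/securitycontextconstraints
- the plugin makes the cluster's ClusterVersion .spec.clusterID available
  to the transform (modelled here by passing a trimmed ClusterVersion object)
- evaluation: 'regex' filters lines, then every remaining line must match
  'expect' for a PASSED result; no lines left means FAILED
"""
import json
import re

# Constructed sample data (not captured from a real cluster).
SCC_LIST = {
    "kind": "SecurityContextConstraintsList",
    "items": [
        {"metadata": {"name": "restricted-v2", "uid": "0b2c0b0e-0001"},
         "allowPrivilegeEscalation": False},
        {"metadata": {"name": "privileged", "uid": "0b2c0b0e-0002"},
         "allowPrivilegeEscalation": True},
        # Field absent: jq renders it as null, which must not count as a pass.
        {"metadata": {"name": "legacy-custom", "uid": "0b2c0b0e-0003"}},
    ],
}
CLUSTER_VERSION = {"spec": {"clusterID": "8f0b6a2e-example"}}

EXPECT = "Allow Privilege Escalation: false"


def jq_str(value):
    """Render a value the way jq string interpolation does: strings raw,
    everything else as JSON (true/false/null), not Python's True/False/None."""
    return value if isinstance(value, str) else json.dumps(value)


def transform(scc_list, cluster_version):
    """Python equivalent of the json_transform in the audit: one line per SCC."""
    cluster_id = cluster_version["spec"]["clusterID"]
    return [
        f"Cluster ID: {cluster_id}, "
        f"Name: {item['metadata']['name']}, "
        f"UID: {item['metadata']['uid']}, "
        f"Allow Privilege Escalation: {jq_str(item.get('allowPrivilegeEscalation'))}"
        for item in scc_list["items"]
    ]


def evaluate(lines, expect, regex=None):
    """Assumed semantics: keep lines matching 'regex' (if given), then require
    every kept line to match 'expect'. Returns (result, offending_lines)."""
    kept = [line for line in lines if regex is None or re.search(regex, line)]
    failing = [line for line in kept if not re.search(expect, line)]
    if not kept or failing:
        return "FAILED", failing
    return "PASSED", []


def run_check(scc_list=SCC_LIST, cluster_version=CLUSTER_VERSION, regex=None):
    """Run the modelled audit item end to end and return a small report."""
    lines = transform(scc_list, cluster_version)
    result, failing = evaluate(lines, EXPECT, regex)
    return {"result": result, "lines": lines, "failing": failing}


if __name__ == "__main__":
    report = run_check()
    for line in report["lines"]:
        print(line)
    print(report["result"], "- SCCs not matching expect:", len(report["failing"]))
```

On the constructed sample the check reports FAILED with two offending SCCs: the privileged SCC, which permits escalation, and the one with no allowPrivilegeEscalation field at all, whose line renders as "null". Narrowing the scope with a regex such as "Name: restricted-v2," makes the same data pass, which is worth remembering when tuning an audit: a regex that is too narrow can hide exactly the SCC you care about.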
1 Reply
- mike_varga (Connect Contributor III)
Hello Tenable
We're now in nearly May of 2023... Can we get a revised availability of this audit functionality please?
Thank you.