Skip to content

Commit 59d2acc

Browse files
xenolinuxxenolinux
authored
Merge pull request #96440 from dfitzmau/OCPBUGS-57358
OCPBUGS#57358: Added compliance profile warning for disabling sshd im…
2 parents 44da128 + d6c6fba commit 59d2acc

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

modules/compliance-supported-profiles.adoc

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -148,6 +148,11 @@ BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany’s Federal O
148148
[id="fedramp-high-profiles_{context}"]
149149
== FedRAMP High compliance profiles
150150

151+
[IMPORTANT]
152+
====
153+
Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses the `service-sshd-disabled` rule, automatically disables the `sshd` service. This situation blocks SSH access to control plane nodes and compute nodes. To keep the SSH access enabled, create a `TailoredProfile` object and set the `rhcos4-service-sshd-disabled` rule value for the `disableRules` parameter.
154+
====
155+
151156
.Supported FedRAMP High compliance profiles
152157
[cols="2,2,1,2,1,2", options="header"]
153158

@@ -393,6 +398,11 @@ BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany’s Federal O
393398
[id="stig-profiles_{context}"]
394399
== STIG compliance profiles
395400

401+
[IMPORTANT]
402+
====
403+
Applying automatic remedations to any profile, such as `rhcos4-stig`, that uses the `service-sshd-disabled` rule, automatically disables the `sshd` service. This situation blocks SSH access to control plane nodes and compute nodes. To keep the SSH access enabled, create a `TailoredProfile` object and set the `rhcos4-service-sshd-disabled` rule value for the `disableRules` parameter.
404+
====
405+
396406
.Supported STIG compliance profiles
397407
[cols="2,2,1,2,1,2", options="header"]
398408

0 commit comments

Comments
 (0)