-
Notifications
You must be signed in to change notification settings - Fork 706
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cluster_logging_operator_exists now handles two APIs
Reform rule cluster_logging_operator_exists to check for existence ClusterlogForwarders from logging and observability APIs. Adds two rules checking for log forwarding in each API
- Loading branch information
Showing
13 changed files
with
361 additions
and
69 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
applications/openshift/logging/cluster_logging_operator_exist/oval/shared.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| <def-group oval_version="5.11"> | ||
| <definition class="compliance" id="{{{ rule_id }}}" version="1"> {{{ | ||
| oval_metadata("Cluster Logging operator is installed and scanning") }}} <criteria | ||
| operator="OR"> | ||
| <extend_definition comment="Ensure clusterlogforwarder object exists" | ||
| definition_ref="cluster_logging_operator_exists_observability_api" /> | ||
| <extend_definition comment="Ensure clusterlogging object exists" | ||
| definition_ref="cluster_logging_operator_exists_logging_api" /> | ||
| </criteria> | ||
| </definition> | ||
| </def-group> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 47 additions & 0 deletions
47
applications/openshift/logging/cluster_logging_operator_exists_logging_api/rule.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
|
|
||
| title: Ensure that OpenShift Logging Operator is scanning the cluster | ||
|
|
||
| description: |- | ||
| OpenShift Logging Operator provides ability to aggregate all the logs from the | ||
| OpenShift Container Platform cluster, such as node system audit logs, application | ||
| container logs, and infrastructure logs. OpenShift Logging aggregates these logs | ||
| from throughout OpenShift cluster and stores them in a default log store. [1] | ||
| [1]https://docs.openshift.com/container-platform/4.10/logging/cluster-logging.html | ||
| rationale: |- | ||
| OpenShift Logging Operator is able to collect, aggregate, and manage logs. | ||
| identifiers: | ||
| cce@ocp4: CCE-86638-4 | ||
|
|
||
| references: | ||
| nist: AU-3(2) | ||
| srg: SRG-APP-000092-CTR-000165,SRG-APP-000111-CTR-000220,SRG-APP-000358-CTR-000805 | ||
|
|
||
| ocil_clause: 'OpenShift Logging Operator is not installed' | ||
|
|
||
| ocil: |- | ||
| Run the following command to retrieve the clusterlogging objects in the system: | ||
| <pre>$ oc get clusterlogging --all-namespaces</pre> | ||
| Make sure the OpenShift Logging Operator is installed and there exists | ||
| at least one active clusterlogging in the cluster. | ||
| severity: medium | ||
|
|
||
|
|
||
| warnings: | ||
| - general: |- | ||
| {{{ openshift_cluster_setting("/apis/logging.openshift.io/v1/namespaces/openshift-logging/clusterloggings/instance") | indent(4) }}} | ||
| template: | ||
| name: yamlfile_value | ||
| vars: | ||
| ocp_data: "true" | ||
| filepath: /apis/logging.openshift.io/v1/namespaces/openshift-logging/clusterloggings/instance | ||
| yamlpath: ".metadata.name" | ||
| entity_check: "at least one" | ||
| values: | ||
| - value: ".*" | ||
| operation: "pattern match" | ||
|
|
22 changes: 22 additions & 0 deletions
22
.../cluster_logging_operator_exists_logging_api/tests/does_not_have_logging_instance.fail.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| #!/bin/bash | ||
| # remediation = none | ||
|
|
||
| yum install -y jq | ||
|
|
||
| kube_apipath="/kubernetes-api-resources" | ||
|
|
||
| mkdir -p "$kube_apipath/apis/logging.openshift.io/v1/namespaces/openshift-logging/" | ||
|
|
||
| routes_apipath="/apis/logging.openshift.io/v1/namespaces/openshift-logging/instance" | ||
|
|
||
| cat <<EOF > "$kube_apipath$routes_apipath" | ||
| { | ||
| "apiVersion": "v1", | ||
| "items": [], | ||
| "kind": "List", | ||
| "metadata": { | ||
| "resourceVersion": "", | ||
| "selfLink": "" | ||
| } | ||
| } | ||
| EOF |
76 changes: 76 additions & 0 deletions
76
...g/cluster_logging_operator_exists_logging_api/tests/have_cluster_logging_instance.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| #!/bin/bash | ||
| # remediation = none | ||
|
|
||
| yum install -y jq | ||
|
|
||
| kube_apipath="/kubernetes-api-resources" | ||
|
|
||
| mkdir -p "$kube_apipath/apis/logging.openshift.io/v1/namespaces/openshift-logging/" | ||
|
|
||
| routes_apipath="/apis/logging.openshift.io/v1/namespaces/openshift-logging/instance" | ||
|
|
||
| cat <<EOF > "$kube_apipath$routes_apipath" | ||
| { | ||
| "apiVersion": "v1", | ||
| "items": [ | ||
| { | ||
| "apiVersion": "observability.openshift.io/v1", | ||
| "kind": "ClusterLogForwarder", | ||
| "metadata": { | ||
| "annotations": { | ||
| "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"observability.openshift.io/v1\",\"kind\":\"ClusterLogForwarder\",\"metadata\":{\"annotations\":{},\"name\":\"instance\",\"namespace\":\"openshift-logging\"},\"spec\":{\"outputs\":[{\"elasticsearch\":{\"index\":\"most-logs\",\"url\":\"https://elasticsearch:9200\",\"version\":6},\"name\":\"default-elasticsearch\",\"type\":\"elasticsearch\"}],\"pipelines\":[{\"inputRefs\":[\"application\",\"audit\",\"infrastructure\"],\"name\":\"most-logs\",\"outputRefs\":[\"default\"]},{\"inputRefs\":[\"audit\"],\"name\":\"audit-logs\",\"outputRefs\":[\"default\"]}],\"serviceAccount\":{\"name\":\"cluster-loggin-operator\"}}}\n" | ||
| }, | ||
| "creationTimestamp": "2024-09-30T15:34:24Z", | ||
| "generation": 1, | ||
| "name": "instance", | ||
| "namespace": "openshift-logging", | ||
| "resourceVersion": "95318", | ||
| "uid": "7804fab5-b945-4024-acb7-e89652b5d4f7" | ||
| }, | ||
| "spec": { | ||
| "managementState": "Managed", | ||
| "outputs": [ | ||
| { | ||
| "elasticsearch": { | ||
| "index": "most-logs", | ||
| "url": "https://elasticsearch:9200", | ||
| "version": 6 | ||
| }, | ||
| "name": "default-elasticsearch", | ||
| "type": "elasticsearch" | ||
| } | ||
| ], | ||
| "pipelines": [ | ||
| { | ||
| "inputRefs": [ | ||
| "application", | ||
| "audit", | ||
| "infrastructure" | ||
| ], | ||
| "name": "most-logs", | ||
| "outputRefs": [ | ||
| "default" | ||
| ] | ||
| }, | ||
| { | ||
| "inputRefs": [ | ||
| "audit" | ||
| ], | ||
| "name": "audit-logs", | ||
| "outputRefs": [ | ||
| "default" | ||
| ] | ||
| } | ||
| ], | ||
| "serviceAccount": { | ||
| "name": "cluster-loggin-operator" | ||
| } | ||
| } | ||
| } | ||
| ], | ||
| "kind": "List", | ||
| "metadata": { | ||
| "resourceVersion": "" | ||
| } | ||
| } | ||
| EOF |
3 changes: 3 additions & 0 deletions
3
...ications/openshift/logging/cluster_logging_operator_exists_logging_api/tests/ocp4/e2e.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| --- | ||
| default_result: FAIL | ||
| result_after_remediation: PASS |
47 changes: 47 additions & 0 deletions
47
applications/openshift/logging/cluster_logging_operator_exists_observability_api/rule.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
|
|
||
| title: Ensure that OpenShift Logging Operator is scanning the cluster | ||
|
|
||
| description: |- | ||
| OpenShift Logging Operator provides ability to aggregate all the logs from the | ||
| OpenShift Container Platform cluster, such as node system audit logs, application | ||
| container logs, and infrastructure logs. OpenShift Logging aggregates these logs | ||
| from throughout OpenShift cluster and stores them in a default log store. [1] | ||
| [1]https://docs.openshift.com/container-platform/4.10/logging/cluster-logging.html | ||
| rationale: |- | ||
| OpenShift Logging Operator is able to collect, aggregate, and manage logs. | ||
| identifiers: | ||
| cce@ocp4: CCE-86639-2 | ||
|
|
||
| references: | ||
| nist: AU-3(2) | ||
| srg: SRG-APP-000092-CTR-000165,SRG-APP-000111-CTR-000220,SRG-APP-000358-CTR-000805 | ||
|
|
||
| ocil_clause: 'OpenShift Logging Operator is not installed' | ||
|
|
||
| ocil: |- | ||
| Run the following command to retrieve the clusterlogforwarder objects in the system: | ||
| <pre>$ oc get clusterlogforwarder --all-namespaces</pre> | ||
| Make sure the OpenShift Logging Operator is installed and there exists | ||
| at least one active clusterlogforwarderobject in the cluster. | ||
| severity: medium | ||
|
|
||
|
|
||
| warnings: | ||
| - general: |- | ||
| {{{ openshift_cluster_setting("/apis/observability.openshift.io/v1/namespaces/openshift-logging/clusterlogforwarders") | indent(4) }}} | ||
| template: | ||
| name: yamlfile_value | ||
| vars: | ||
| ocp_data: "true" | ||
| filepath: /apis/observability.openshift.io/v1/namespaces/openshift-logging/clusterlogforwarders | ||
| yamlpath: ".items[].metadata.name" | ||
| entity_check: "at least one" | ||
| values: | ||
| - value: ".*" | ||
| operation: "pattern match" | ||
|
|
Oops, something went wrong.