OCP 4.21 Remediation Groups
Each group below represents a logical set of related compliance checks that can be remediated together in a single MachineConfig or CRD.
HIGH Severity
| Group | Title | Priority | Status | Jira | PR |
|---|---|---|---|---|---|
| H1 | Crypto Policy | P1 | 🔵 In Progress | CNF-21212 | #529 |
| H2 | PAM Empty Passwords | P1 | 🔵 In Progress | CNF-21212 | #529 |
| H3 | SSHD Empty Passwords | P1 | 🔵 In Progress | CNF-19031 | #466 |
MEDIUM Severity
| Group | Title | Priority | Status | Compare | Jira | PR |
|---|---|---|---|---|---|---|
| M1 | SSHD Configuration | P2 | 🟡 Pending | 📦 | - | - |
| M4 | Audit Rules - SELinux | P2 | 🟡 Pending | 📦 | - | - |
| M6 | Audit Rules - Time Modifications | P2 | 🟡 Pending | 📦 | - | - |
| M7 | Audit Rules - Login Monitoring | P2 | 🟡 Pending | 📦 | - | - |
| M10 | API Server Encryption | P2 | 🟡 Pending | 📦 | - | - |
| M2 | Kernel Hardening (Sysctl) | P3 | ⚪ On Hold | 📦 | CNF-21196 | - |
| M3 | Audit Rules - DAC Modifications | P3 | 🟡 Pending | 📦 | - | - |
| M5 | Audit Rules - Kernel Modules | P3 | 🟡 Pending | 📦 | - | - |
| M8 | Audit Rules - Network Config | P3 | 🟡 Pending | 📦 | - | - |
| M9 | Auditd Configuration | P3 | 🟡 Pending | 📦 | - | - |
| M11 | Ingress TLS Ciphers | P3 | 🟡 Pending | 📦 | - | - |
| M12 | Audit Profile | P3 | 🟡 Pending | 📦 | - | - |
LOW Severity
| Group | Title | Priority | Status | Compare | Jira | PR |
|---|---|---|---|---|---|---|
| L1 | SSHD LogLevel | P4 | 🟡 Pending | 📦 | - | - |
| L2 | Sysctl dmesg_restrict | P4 | 🟡 Pending | 📦 | - | - |
Group Naming Convention
- H = HIGH severity (H1, H2, H3)
- M = MEDIUM severity (M1-M12)
- L = LOW severity (L1, L2)
Priority Legend
| Priority | Label | Criteria |
|---|---|---|
| P1 | Critical | HIGH severity - security critical |
| P2 | High | MEDIUM severity with high impact (5+ checks) or API/encryption |
| P3 | Medium | MEDIUM severity with standard impact |
| P4 | Low | LOW severity - best practices |
| P5 | Deferred | On hold or blocked |
Status Legend
| Status | Meaning |
|---|---|
| 🔵 In Progress | Active PR open for remediation |
| 🟡 Pending | Not yet started |
| ⚪ On Hold | Paused |
| 🟢 Complete | Merged and verified |
Linking to Groups from PRs
Use these URLs in your PR descriptions:
https://sebrandon1.github.io/compliance-scripts/versions/4.21/groups/H1.html
https://sebrandon1.github.io/compliance-scripts/versions/4.21/groups/M1.html
Example markdown for PR descriptions:
```markdown
This PR implements [H1: Crypto Policy](https://sebrandon1.github.io/compliance-scripts/versions/4.21/groups/H1.html) and [H2: PAM Empty Passwords](https://sebrandon1.github.io/compliance-scripts/versions/4.21/groups/H2.html).
```