OCP 4.22 Remediation Groups

← Back to OCP 4.22 Compliance Status View Summary

Each group below represents a logical set of related compliance checks that can be remediated together in a single MachineConfig or CRD.

HIGH Severity

Group Title Priority Status Tested Jira PR
H1 Crypto Policy P1 🔵 In Progress PASS CNF-21212 #529
H2 PAM Empty Passwords P1 🔵 In Progress PASS CNF-21212 #529
H3 SSHD Empty Passwords P1 🔵 In Progress PASS CNF-19031 #466

MEDIUM Severity

Group Title Priority Status Tested Compare Jira PR
M1 SSHD Configuration P2 🔵 In Progress PASS 📦 CNF-22620 #674
M4 Audit Rules - SELinux P2 🔵 In Progress PASS 📦 CNF-22621 #675
M6 Audit Rules - Time Modifications P2 🔵 In Progress PASS 📦 CNF-22622 #676
M7 Audit Rules - Login Monitoring P2 🔵 In Progress PASS 📦 CNF-22623 #677
M10 API Server Encryption P2 🔵 In Progress PASS 📦 CNF-22624 #678
M2 Kernel Hardening (Sysctl) P3 ⚪ On Hold PASS 📦 CNF-21196 -
M3 Audit Rules - DAC Modifications P3 🟡 Pending PASS 📦 - -
M5 Audit Rules - Kernel Modules P3 🟡 Pending PASS 📦 - -
M8 Audit Rules - Network Config P3 🟡 Pending PASS 📦 - -
M9 Auditd Configuration P3 🟡 Pending PASS 📦 - -
M11 Ingress TLS Ciphers P3 🟡 Pending PASS 📦 - -
M12 Audit Profile P3 🟡 Pending PASS 📦 - -
M13 Extended DAC Audit P3 🟡 Pending PASS 📦 - -
M14 Identity File Access Audit P3 🟡 Pending PASS 📦 - -
M15 File Deletion Audit P3 🟡 Pending PASS 📦 - -
M16 Unsuccessful File Modification Audit P3 🟡 Pending PASS 📦 - -
M17 Privileged Commands Audit P3 🟡 Pending PASS 📦 - -
M18 Session & MAC Audit P3 🟡 Pending PASS 📦 - -
M19 Usergroup Modification Audit P3 🟡 Pending PASS 📦 - -
M20 Auditd Data Retention P3 🟡 Pending PASS 📦 - -
M21 Kernel Module Blacklist P3 🟡 Pending PASS 📦 - -
M22 Network Sysctl Hardening P3 🟡 Pending PASS 📦 - -
M23 Kernel Sysctl Extended P3 🟡 Pending PASS 📦 - -
M24 CoreOS Kernel Arguments P3 🟡 Pending PASS 📦 - -
M25 Chrony/NTP Configuration P3 🟡 Pending PASS 📦 - -
M26 Systemd Hardening P3 🟡 Pending PASS 📦 - -
M27 SSHD Moderate Extensions P3 🟡 Pending PASS 📦 - -
M28 USBGuard P3 🟡 Pending WARN 📦 - -
M29 System Access Controls P3 🟡 Pending PASS 📦 - -
M30 OAuth Configuration P3 🟡 Pending PASS 📦 - -

LOW Severity

Group Title Priority Status Tested Compare Jira PR
L1 SSHD LogLevel P4 🟡 Pending PASS 📦 - -
L2 Sysctl dmesg_restrict P4 🟡 Pending PASS 📦 - -

Manual Checks (No Auto-Remediation)

These checks require manual operator review — no MachineConfig or CRD can fix them automatically.

Group Title Checks Priority Status
MAN1 Workload Security 15 P3 🟡 Pending
MAN2 RBAC & Access Control 5 P2 🟡 Pending
MAN3 Secrets Management 2 P3 🟡 Pending
MAN4 Audit Log Partitions 4 P4 🟡 Pending
MAN5 Hardware/BIOS & Alerting 5 P4 🟡 Pending

Group Naming Convention

Priority Legend

Priority Label Criteria
P1 Critical HIGH severity - security critical
P2 High MEDIUM severity with high impact (5+ checks) or API/encryption
P3 Medium MEDIUM severity with standard impact
P4 Low LOW severity - best practices
P5 Deferred On hold or blocked

Status Legend

Status Meaning
🔵 In Progress Active PR open for remediation
🟡 Pending Not yet started
⚪ On Hold Paused
🟢 Complete Merged and verified

Linking to Groups from PRs

Use these URLs in your PR descriptions:

https://sebrandon1.github.io/compliance-scripts/versions/4.22/groups/H1.html
https://sebrandon1.github.io/compliance-scripts/versions/4.22/groups/M1.html

Example markdown for PR descriptions:

This PR implements [H1: Crypto Policy](https://sebrandon1.github.io/compliance-scripts/versions/4.22/groups/H1.html) and [H2: PAM Empty Passwords](https://sebrandon1.github.io/compliance-scripts/versions/4.22/groups/H2.html).
Legend
Status
🔵 In Progress
🟡 Pending
On Hold
🟢 Complete
Severity
HIGH
MEDIUM
LOW
MANUAL

Keyboard Shortcuts

Navigation
j / Next row
k / Previous row
Enter Open selected / Expand details
Esc Clear selection / Close modal
Actions
/ Focus search
d Toggle dark mode
? Show this help
g h Go to home
Filters
1 Show all
2 Pending only
3 In Progress only
4 Complete only