MEDIUM M24: CoreOS Kernel Arguments P3

Overview

Configures RHCOS kernel boot arguments for security hardening. Enables page table isolation (PTI), vsyscall emulation restrictions, page poisoning, audit subsystem, and USB device restrictions.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check                                  Description
audit-backlog-limit-kernel-argument    Set audit backlog limit via kernel arg
audit-option                           Enable audit=1 kernel argument
nousb-kernel-argument                  Disable USB via kernel argument
page-poison-kernel-argument            Enable page poisoning
pti-kernel-argument                    Enable page table isolation (Meltdown mitigation)
vsyscall-kernel-argument               Set vsyscall=none (disable legacy syscall interface)

Verification

oc debug node/<node> -- chroot /host cat /proc/cmdline | tr ' ' '\n' | grep -E 'audit|nousb|page_poison|pti|vsyscall'
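
The grep above matches substrings, so a line such as pti=off would still be listed, and it does not say which arguments are absent. The following added example (not part of the original page) checks each of the six arguments as an exact token and prints the names of the failing checks. The helper names, the expected values page_poison=1 and pti=on, and the rule that the last duplicate of an argument takes effect are assumptions.

```shell
#!/bin/sh
# Added example: exact-token check of the six kernel arguments.
# Assumptions: page_poison=1 and pti=on as the expected values, and that
# the last duplicate of an argument is the one that takes effect.

# Constructed sample; on a node, pass the contents of /proc/cmdline.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz audit=1 audit_backlog_limit=8192 nousb page_poison=1 pti=on vsyscall=emulate'

# last_value CMDLINE KEY: print the value of the last KEY=value token.
last_value() (
    set -f                      # no globbing while word-splitting
    lv=''
    for tok in $1; do
        case $tok in "$2="*) lv=${tok#"$2="} ;; esac
    done
    printf '%s' "$lv"
)

# has_flag CMDLINE FLAG: succeed if FLAG appears as a whole token.
has_flag() (
    set -f
    for tok in $1; do
        [ "$tok" = "$2" ] && exit 0
    done
    exit 1
)

# missing_kargs CMDLINE: print the name of each failing check, one per
# line; print nothing when all six pass.
missing_kargs() {
    cl=$1
    # The page gives no value for the backlog limit, so accept any integer.
    case $(last_value "$cl" audit_backlog_limit) in
        ''|*[!0-9]*) echo audit-backlog-limit-kernel-argument ;;
    esac
    [ "$(last_value "$cl" audit)" = 1 ]        || echo audit-option
    has_flag "$cl" nousb                       || echo nousb-kernel-argument
    [ "$(last_value "$cl" page_poison)" = 1 ]  || echo page-poison-kernel-argument
    [ "$(last_value "$cl" pti)" = on ]         || echo pti-kernel-argument
    [ "$(last_value "$cl" vsyscall)" = none ]  || echo vsyscall-kernel-argument
    return 0
}

missing_kargs "$SAMPLE_CMDLINE"   # prints: vsyscall-kernel-argument
```

To check a node, pass the command line from the verification step: missing_kargs "$(oc debug node/<node> -- chroot /host cat /proc/cmdline)".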