Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Frankfurt

Integration health checks will automatically perform the following security checks for the Frankfurt release.

  1. pod_root: Pods must not run as root in Frankfurt.
  2. Java debug wire protocol (jdpw) port must be closed (onap-dcae-redis-0, onap-dcae-redis-1, onap-dcae-redis-2, onap-msb-eag-57f7ccb568-ht7h6, onap-msb-iag-6f8f449bd7-d582t, onap-vnfsdk-566786f85f-m9q9b 8000)
    1. Update the test  to exclude false positives reported by the project teams (redis default port = jdpw default port (6379)).
  3. nodeport_ingress: HTTP ports must be migrated to HTTPS.
    1. Review the list of the current 20 HTTP ports to determine which ones are necessary (robot, portal-sdk, portal-app, message-router, dmaap-bc, log-kibana, log-es, dmaap-dr-prov, cli , consul-server-ui, sniro-emulator, refrepo , uui, config-binding-service, dashboard, netbox-nginx, music-tomcat, cds-blueprints-processor-http, aaf-fs). The aaf-fs port is a known exception.
    2. Upgrade test to exclude those HTTP port.

CIS Benchmarks

               

  • No labels