Check: CNTR-RM-000080
Rancher Government Solutions Multi-Cluster Manager STIG: CNTR-RM-000080 (in versions v1 r3 through v1 r1)
Title
When allowed by the central authentication system, the default role assigned to a user must be User-Base. (Cat II impact)
Discussion
Rancher MCM uses roles for authentication. It is necessary to ensure the proper roles and permissions are configured. The role used by default does not ensure least privilege. The default role needs to be changed to allow least privilege access.
Check Content
Verify User-Base is the default assigned role:
- From the GUI, navigate to Triple Bar Symbol (Global) >> Users & Authentication >> Roles.
- Click "Standard User".
- At the top right, click the three dots, and then choose "Edit Config".
- Under "New User Default", ensure "No" is selected.
- Click "User-Base".
- At the top right, click the three dots, and then "Edit Config".
- Under "New User Default", ensure "Yes" is selected.

If "No" is not selected for Standard User, this is a finding. If "Yes" is not selected for User-Base, this is a finding.
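The same two conditions can be evaluated against an export of the roles instead of the GUI. The following is an added example, not part of the STIG or of Rancher's own tooling. It assumes the input is JSON such as `kubectl get globalroles.management.cattle.io -o json` would produce, with `displayName` and `newUserDefault` fields on each role; the sample data is constructed.

```python
import json
import sys

STANDARD_USER = "Standard User"   # display names used in the check text
USER_BASE = "User-Base"

def evaluate_default_roles(globalroles_json):
    """Return finding strings for CNTR-RM-000080; an empty list means no finding."""
    doc = json.loads(globalroles_json)
    items = doc.get("items", [doc])   # a List object or a single GlobalRole
    # Assumption: "newUserDefault" is omitted when false, so a missing key means "No".
    defaults = {}
    for role in items:
        defaults[role.get("displayName")] = bool(role.get("newUserDefault", False))
    if STANDARD_USER not in defaults or USER_BASE not in defaults:
        # Do not report a pass when one of the two roles is absent from the export.
        return ["cannot verify: Standard User or User-Base role not in export"]
    findings = []
    if defaults[STANDARD_USER]:
        findings.append('finding: "New User Default" is Yes for Standard User')
    if not defaults[USER_BASE]:
        findings.append('finding: "New User Default" is not Yes for User-Base')
    return findings

# Constructed sample exports (not taken from a real cluster).
NONCOMPLIANT = json.dumps({"kind": "List", "items": [
    {"displayName": "Standard User", "newUserDefault": True},
    {"displayName": "User-Base"},   # key omitted, treated as "No"
]})
COMPLIANT = json.dumps({"kind": "List", "items": [
    {"displayName": "Standard User", "newUserDefault": False},
    {"displayName": "User-Base", "newUserDefault": True},
]})

if __name__ == "__main__":
    # Optional argument: path to a saved JSON export; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = NONCOMPLIANT
    for line in evaluate_default_roles(data) or ["no finding"]:
        print(line)
```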
Fix Text
- From the GUI, navigate to Triple Bar Symbol (Global) >> Users & Authentication >> Roles.
- Click "Standard User".
- At the top right, click the three dots, and then "Edit Config".
- Under "New User Default", select "No" and click "Save".
- Click "User-Base".
- At the top right, click the three dots, and then click "Edit Config".
- Under "New User Default", select "Yes", and then click "Save".
Additional Identifiers
Rule ID: SV-252845r879527_rule
Vulnerability ID: V-252845
Group Title: SRG-APP-000028-CTR-000080
CCIs
Number | Definition |
---|---|
CCI-001404 | The information system automatically audits account disabling actions. |
Controls
Number | Title |
---|---|
AC-2 (4) | Automated Audit Actions |