Date of Release: 18/02/2025
Version Information
| - | Version | Hardening References |
|---|---|---|
| Red Hat Enterprise Linux | 9.4 | USG STIGs ver 1 rel 14 |
| Rancher Kubernetes Engine Government (RKE2) | v1.28.10 | CIS v1.23 |
| Glasswall Halo | 2.8.0 | SAST, DAST, SCA and Container Security Reports available on request |
System Requirements
Recommended
32 vCPU
64 GB RAM
Minimum
16 vCPU
32 GB RAM
Base OS Information
- SELinux is Enforcing
- No USG STIG banner message by default (configurable)
- Password Quality Enhancements:
- Be at least 15 characters long.
- Contains:
- At least 1 uppercase letter (e.g., A),
- At least 1 lowercase letter (e.g., a),
- At least 1 digit (e.g., 1),
- At least 1 special character (e.g., !).
- Avoid:
- Using more than 3 consecutive identical characters (e.g., aaa),
- Using more than 4 consecutive characters of the same type (e.g., 1111 or AAAA).
- Be significantly different from the previous password (at least 8 characters must differ).
- Exclude the username or dictionary-based words.
- RKE2 log configuration changes:
- API server audit level updated from None to RequestResponse
- API server audit log location updated to /var/log/rancher
Kubernetes Information
- CNI plugin: Canal
Glasswall Halo Information
Currently deployed services and Helm charts:
- cdrplatform-engine
- cdrplatform-sync-api
- cdrplatform-report-extractor
- cdrplatform-portal
- cdrplatform-policy-api
- cdrplatform-api-access
- cdrplatform-portal-access
- cdrplatform-license-management
- cdrplatform-cleanup
- cdrplatform-async-api
- cdrplatform-metrics-collation
- cdrplatform-metrics-projection
- cdrplatform-rabbitmq
- cdrplatform-storage
- nginx-ingress
Please refer to the Glasswall Halo V2.8.0 Release Notes for more information.