Why permissive profile is not seen with CIS benchmark version v1.9?
This document (000021709) is provided subject to the disclaimer at the end of this document.
Environment
- SUSE Rancher 2.10.x
- RKE2 v1.27.x and above
Situation
Only one profile "rke2-cis-1.9-profile" is seen with CIS Benchmark app versions 1.9 and above, there aren't any additional profiles like the permissive profile.
Resolution
Starting from CIS-1.9, there will be only one profile called "rke2-cis-1.9-profile" which covers all use cases. Permissive profiles have been removed, and we now work with a single profile that is meant to be the hardened one. All required checks must be enforced to pass the CIS using the hardening guide. Please find the relevant information here: https://github.com/rancher/rancher/issues/46881
Please note "rke2-cis-1.9-profile" should be used for all hardened/non-hardened RKE2 clusters with version 1.27 and above.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021709
- Creation Date: 16-Feb-2025
- Modified Date:28-Mar-2025
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
