Skip to content

Why permissive profile is not seen with CIS benchmark version v1.9?

Article Number: 000021709

Environment

  • SUSE Rancher 2.10.x
  • RKE2 v1.27.x and above

Situation

Only one profile "rke2-cis-1.9-profile" is seen with CIS Benchmark app versions 1.9 and above, there aren't any additional profiles like the permissive profile.

Resolution

Starting from CIS-1.9, there will be only one profile called "rke2-cis-1.9-profile" which covers all use cases. Permissive profiles have been removed, and we now work with a single profile that is meant to be the hardened one. All required checks must be enforced to pass the CIS using the hardening guide. Please find the relevant information here: https://github.com/rancher/rancher/issues/46881

Please note "rke2-cis-1.9-profile" should be used for all hardened/non-hardened RKE2 clusters with version 1.27 and above.