Skip to content

Why permissive profile is not seen with CIS benchmark version v1.9?

This document (000021709) is provided subject to the disclaimer at the end of this document.

Environment

  • SUSE Rancher 2.10.x
  • RKE2 v1.27.x and above

Situation

Only one profile "rke2-cis-1.9-profile" is seen with CIS Benchmark app versions 1.9 and above, there aren't any additional profiles like the permissive profile.

Resolution

Starting from CIS-1.9, there will be only one profile called "rke2-cis-1.9-profile" which covers all use cases. Permissive profiles have been removed, and we now work with a single profile that is meant to be the hardened one. All required checks must be enforced to pass the CIS using the hardening guide. Please find the relevant information here: https://github.com/rancher/rancher/issues/46881

Please note "rke2-cis-1.9-profile" should be used for all hardened/non-hardened RKE2 clusters with version 1.27 and above.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.