)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Suzana Fernandes \u003cSuzana.Fernandes@windriver.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-07-01 19:18:24 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"k8s configuration for meeting CIS Benchmark Standards"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Story: 2011337"},{"line_number":10,"context_line":"Task: 51633"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"5195e05f_9835d1a2","line":7,"updated":"2025-07-11 12:43:22.000000000","message":"Can modify title as \n\"k8s configuration for meeting CIS Benchmark Standards\"","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"c3e55ab224c10c7a4546076fec727053b0e9a1f6","unresolved":true,"context_lines":[{"line_number":4,"context_line":"Commit:     Suzana Fernandes \u003cSuzana.Fernandes@windriver.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-07-01 19:18:24 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"k8s configuration for meeting CIS Benchmark Standards"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Story: 2011337"},{"line_number":10,"context_line":"Task: 51633"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"ebf41435_a0c0b47c","line":7,"in_reply_to":"5195e05f_9835d1a2","updated":"2025-07-11 12:47:19.000000000","message":"May modify title as\n\"Configuration for CIS Benchmark Containers and Hosts Standards\"","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Suzana Fernandes \u003cSuzana.Fernandes@windriver.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2025-07-01 19:18:24 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"k8s configuration for meeting CIS Benchmark Standards"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Story: 2011337"},{"line_number":10,"context_line":"Task: 51633"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"df9e4491_e09629dd","line":7,"in_reply_to":"ebf41435_a0c0b47c","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"7a024234_6f44d483","updated":"2025-07-11 20:25:32.000000000","message":"done","commit_id":"4da3188ef9532114c76380220f7a8d07ce5aa405"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"b1876b79_1d46380f","updated":"2025-07-16 17:15:52.000000000","message":"Hey Suzana, just added some minor editorial fixes. Thanks!","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"678cf7cf_222f7eb6","in_reply_to":"b1876b79_1d46380f","updated":"2025-07-16 17:53:18.000000000","message":"Thank you very much for reviewing it, Elisa.","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"}],"doc/source/security/kubernetes/configuring-system-to-cis-benchmark-for-containers-standards-3df0c174ffe2.rst":[{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"c8946f94_8492406b","line":11,"updated":"2025-07-11 12:43:22.000000000","message":"Please change \"you can define,\" to you can decide,\"","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"2581ab12_0689f60b","line":11,"updated":"2025-07-11 12:43:22.000000000","message":"Typo,\nHowever, However,","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"8789d73a_b83a53e1","line":11,"in_reply_to":"2581ab12_0689f60b","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"e6c02920_d37bb7ca","line":11,"in_reply_to":"c8946f94_8492406b","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"6216cf905079da02935e43a0223a1f73735c9ed7","unresolved":true,"context_lines":[{"line_number":58,"context_line":"Therefore, it is not recommended to configure this until this bug is resolved."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"**Minor Warning:**"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"CIS-1.2.12 is not applicable to the current version."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"1e4ece80_c7e3087f","line":61,"updated":"2025-07-14 05:25:19.000000000","message":"Please check if need to provide warning something similar to warning in this page, in red color. If yes, please do it for all warnings.\nhttps://docs.starlingx.io/security/kubernetes/keystone-account-roles-64098d1abdc1.html","commit_id":"4da3188ef9532114c76380220f7a8d07ce5aa405"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"e98b1ce5b8a4448657c2f065d59607c4018d1b11","unresolved":false,"context_lines":[{"line_number":58,"context_line":"Therefore, it is not recommended to configure this until this bug is resolved."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"**Minor Warning:**"},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"CIS-1.2.12 is not applicable to the current version."},{"line_number":64,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"24a6bbea_6199f11d","line":61,"in_reply_to":"1e4ece80_c7e3087f","updated":"2025-07-14 12:23:19.000000000","message":"Done","commit_id":"4da3188ef9532114c76380220f7a8d07ce5aa405"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Configure System to CIS Benchmark for Containers Standards"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"}],"source_content_type":"text/x-rst","patch_set":8,"id":"816d17da_df337ceb","line":10,"range":{"start_line":10,"start_character":37,"end_line":10,"end_character":41},"updated":"2025-07-16 17:15:52.000000000","message":"Add to acronyms list.","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Configure System to CIS Benchmark for Containers Standards"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"}],"source_content_type":"text/x-rst","patch_set":8,"id":"2c7d9708_9e9105d7","line":10,"range":{"start_line":10,"start_character":37,"end_line":10,"end_character":41},"in_reply_to":"816d17da_df337ceb","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- CIS-1.2.11 Ensure that the admission control plugin AlwaysPullImages is set https://hub.armosec.io/docs/c-0123"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- CIS-1.2.17 Ensure that the API Server --profiling argument is set to false https://hub.armosec.io/docs/c-0129"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"- CIS-1.2.19 Ensure that the API Server --audit-log-maxage argument is set to 30 or as appropriate https://hub.armosec.io/docs/c-0131"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"- CIS-3.2.1 Ensure that a minimal audit policy is created https://hub.armosec.io/docs/c-0160"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"These |CIS| specifications are not applied by default in |prod| and require you"},{"line_number":25,"context_line":"to configure them if you want strict CIS compliance. The configuration mentioned"}],"source_content_type":"text/x-rst","patch_set":8,"id":"596dbbe9_84a2f9c2","line":22,"range":{"start_line":16,"start_character":0,"end_line":22,"end_character":92},"updated":"2025-07-16 17:15:52.000000000","message":"Make this a definition list and use double backticks as needed to highlight commands or arguments.","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- CIS-1.2.11 Ensure that the admission control plugin AlwaysPullImages is set https://hub.armosec.io/docs/c-0123"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- CIS-1.2.17 Ensure that the API Server --profiling argument is set to false https://hub.armosec.io/docs/c-0129"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"- CIS-1.2.19 Ensure that the API Server --audit-log-maxage argument is set to 30 or as appropriate https://hub.armosec.io/docs/c-0131"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"- CIS-3.2.1 Ensure that a minimal audit policy is created https://hub.armosec.io/docs/c-0160"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"These |CIS| specifications are not applied by default in |prod| and require you"},{"line_number":25,"context_line":"to configure them if you want strict CIS compliance. The configuration mentioned"}],"source_content_type":"text/x-rst","patch_set":8,"id":"3af589bb_947b9180","line":22,"range":{"start_line":16,"start_character":0,"end_line":22,"end_character":92},"in_reply_to":"596dbbe9_84a2f9c2","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"        To adhere to this control point, it is required to configure ``enable-admission-plugins\u003d\"EventRateLimit\"``."},{"line_number":57,"context_line":"        But this configuration causes the API server to fail during startup due to a"},{"line_number":58,"context_line":"        longstanding issue in Kubernetes. This is a known Kubernetes bug tracked here"},{"line_number":59,"context_line":"        (Kubernetes Issue #62861, https://github.com/kubernetes/kubernetes/issues/62861)."},{"line_number":60,"context_line":"        Therefore, it is not recommended to configure this until this bug is resolved."},{"line_number":61,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"aa0b9ead_cfb6cd57","line":58,"range":{"start_line":58,"start_character":81,"end_line":58,"end_character":85},"updated":"2025-07-16 17:15:52.000000000","message":"remove \"here\"","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":55,"context_line":""},{"line_number":56,"context_line":"        To adhere to this control point, it is required to configure ``enable-admission-plugins\u003d\"EventRateLimit\"``."},{"line_number":57,"context_line":"        But this configuration causes the API server to fail during startup due to a"},{"line_number":58,"context_line":"        longstanding issue in Kubernetes. This is a known Kubernetes bug tracked here"},{"line_number":59,"context_line":"        (Kubernetes Issue #62861, https://github.com/kubernetes/kubernetes/issues/62861)."},{"line_number":60,"context_line":"        Therefore, it is not recommended to configure this until this bug is resolved."},{"line_number":61,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"3025e2c1_19e5e632","line":58,"range":{"start_line":58,"start_character":81,"end_line":58,"end_character":85},"in_reply_to":"aa0b9ead_cfb6cd57","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the |CIS| Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"CIS-1.2.11"},{"line_number":17,"context_line":"  Ensure that the admission control plugin AlwaysPullImages is set ``https://hub.armosec.io/docs/c-0123``"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7b655aef_51ef273c","line":14,"range":{"start_line":11,"start_character":16,"end_line":14,"end_character":8},"updated":"2025-07-30 18:09:20.000000000","message":"REWORD ?\n\nFor some of the specifications that are not met by default, StarlingX can be configured to meet these specifications. However, these configurations may affect system performance. The related CIS Benchmark specifications and the required StarlingX configuration to comply with these specifications are documented below. Note that you should evaluate the performance impact of these configurations and your specific security and operational needs, before using such configurations in a live deployment.","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the |CIS| Benchmark for containers for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"CIS-1.2.11"},{"line_number":17,"context_line":"  Ensure that the admission control plugin AlwaysPullImages is set ``https://hub.armosec.io/docs/c-0123``"}],"source_content_type":"text/x-rst","patch_set":10,"id":"a95d2d94_68e72d0d","line":14,"range":{"start_line":11,"start_character":16,"end_line":14,"end_character":8},"in_reply_to":"7b655aef_51ef273c","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":26,"context_line":"  Ensure that a minimal audit policy is created ``https://hub.armosec.io/docs/c-0160``"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"These |CIS| specifications are not applied by default in |prod| and require you"},{"line_number":29,"context_line":"to configure them if you want strict CIS compliance. The configuration mentioned"},{"line_number":30,"context_line":"in the table below are minimal configurations required for |CIS| specifications;"},{"line_number":31,"context_line":"you should configure them according to your actual needs."},{"line_number":32,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"a36b408f_9266e2da","line":29,"range":{"start_line":29,"start_character":30,"end_line":29,"end_character":51},"updated":"2025-07-30 18:09:20.000000000","message":"to comply to these CIS specifications.","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":26,"context_line":"  Ensure that a minimal audit policy is created ``https://hub.armosec.io/docs/c-0160``"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"These |CIS| specifications are not applied by default in |prod| and require you"},{"line_number":29,"context_line":"to configure them if you want strict CIS compliance. The configuration mentioned"},{"line_number":30,"context_line":"in the table below are minimal configurations required for |CIS| specifications;"},{"line_number":31,"context_line":"you should configure them according to your actual needs."},{"line_number":32,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"dd2dc293_dc025cc1","line":29,"range":{"start_line":29,"start_character":30,"end_line":29,"end_character":51},"in_reply_to":"a36b408f_9266e2da","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"These |CIS| specifications are not applied by default in |prod| and require you"},{"line_number":29,"context_line":"to configure them if you want strict CIS compliance. The configuration mentioned"},{"line_number":30,"context_line":"in the table below are minimal configurations required for |CIS| specifications;"},{"line_number":31,"context_line":"you should configure them according to your actual needs."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":".. table::"}],"source_content_type":"text/x-rst","patch_set":10,"id":"e7b85255_e6da9c8a","line":30,"range":{"start_line":30,"start_character":23,"end_line":30,"end_character":31},"updated":"2025-07-30 18:09:20.000000000","message":"example minimal","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"These |CIS| specifications are not applied by default in |prod| and require you"},{"line_number":29,"context_line":"to configure them if you want strict CIS compliance. The configuration mentioned"},{"line_number":30,"context_line":"in the table below are minimal configurations required for |CIS| specifications;"},{"line_number":31,"context_line":"you should configure them according to your actual needs."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":".. table::"}],"source_content_type":"text/x-rst","patch_set":10,"id":"c78e2f7a_9cedfaf1","line":30,"range":{"start_line":30,"start_character":23,"end_line":30,"end_character":31},"in_reply_to":"e7b85255_e6da9c8a","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":45,"context_line":"    | CIS- 3.2.1               |  audit-policy-file        | Defines minimal audit policy                                                                                                           |  --audit-policy-file\u003d /etc/kubernetes/default-audit-policy.yaml          |"},{"line_number":46,"context_line":"    +--------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------+"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Reference script to perform this configuration is available at"},{"line_number":49,"context_line":"``/usr/local/bin/apiserver_cis_compliance.sh``. This script can be executed"},{"line_number":50,"context_line":"from the active controller to configure API server to adhere to the |CIS|"},{"line_number":51,"context_line":"compliance guidance."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":""},{"line_number":54,"context_line":".. warning::"}],"source_content_type":"text/x-rst","patch_set":10,"id":"5b5a3177_b73f66a3","line":51,"range":{"start_line":48,"start_character":0,"end_line":51,"end_character":20},"updated":"2025-07-30 18:09:20.000000000","message":"An example of the StarlingX commands to configure these parameters can be found at /usr/local/bin/apiserver_cis_compliance.sh .   For test purposes only, this script can be executed from the active controller to configure the kube-apiserver to comply we the above mentioned CIS Benchmark specifications.","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":45,"context_line":"    | CIS- 3.2.1               |  audit-policy-file        | Defines minimal audit policy                                                                                                           |  --audit-policy-file\u003d /etc/kubernetes/default-audit-policy.yaml          |"},{"line_number":46,"context_line":"    +--------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------+"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Reference script to perform this configuration is available at"},{"line_number":49,"context_line":"``/usr/local/bin/apiserver_cis_compliance.sh``. This script can be executed"},{"line_number":50,"context_line":"from the active controller to configure API server to adhere to the |CIS|"},{"line_number":51,"context_line":"compliance guidance."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":""},{"line_number":54,"context_line":".. warning::"}],"source_content_type":"text/x-rst","patch_set":10,"id":"d8f091d0_0adca94f","line":51,"range":{"start_line":48,"start_character":0,"end_line":51,"end_character":20},"in_reply_to":"5b5a3177_b73f66a3","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"}],"doc/source/security/kubernetes/configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895.rst":[{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"0469f87c_f1bf75f4","line":11,"updated":"2025-07-11 12:43:22.000000000","message":"Please change \"you can define,\" to \"you can decide,\"","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"cb303a48_49409feb","line":11,"updated":"2025-07-11 12:43:22.000000000","message":"Typo: However, However","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"374f6ac0_0a939889","line":11,"in_reply_to":"0469f87c_f1bf75f4","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, However, you can define, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied. "},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."}],"source_content_type":"text/x-rst","patch_set":2,"id":"da4ffc7f_43d149f0","line":11,"in_reply_to":"cb303a48_49409feb","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration................................. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:37453fa9a21cc527181bdd353c220763"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode............................... https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:d58a919ce4ae7c64086a0dcaa7242d0e"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"fc7a18b5_72115072","line":16,"updated":"2025-07-11 12:43:22.000000000","message":"Please remove the extra dots (.............)\nPlease do it for all point from 1.3.1.2 to 6.4.4.4","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration................................. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:37453fa9a21cc527181bdd353c220763"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode............................... https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:d58a919ce4ae7c64086a0dcaa7242d0e"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"7ac8a128_ce382b02","line":16,"in_reply_to":"fc7a18b5_72115072","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":86,"context_line":"Example Configuration for AppArmor"},{"line_number":87,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"You need to activate AppArmor. By default, AppArmor is disabled, but it can be"},{"line_number":90,"context_line":"enabled on a host using the CLI, as described in :ref:`enable-disable-apparmor-on-a-host-63a7a184d310`."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":".. note::"}],"source_content_type":"text/x-rst","patch_set":2,"id":"a3913349_623c921a","line":89,"updated":"2025-07-11 12:43:22.000000000","message":"Please change \"activate\" to \"enable\"","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":86,"context_line":"Example Configuration for AppArmor"},{"line_number":87,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"You need to activate AppArmor. By default, AppArmor is disabled, but it can be"},{"line_number":90,"context_line":"enabled on a host using the CLI, as described in :ref:`enable-disable-apparmor-on-a-host-63a7a184d310`."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":".. note::"}],"source_content_type":"text/x-rst","patch_set":2,"id":"633ac61e_2ea4391d","line":89,"in_reply_to":"a3913349_623c921a","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":95,"context_line":"    System Engineering Guidelines."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"To simplify the process, there is a script available that can be run from the active"},{"line_number":98,"context_line":"controller to activate AppArmor on a specific host. Run the following command:"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":".. code-block:: none"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"e22b22ce_8f2b516d","line":98,"updated":"2025-07-11 12:43:22.000000000","message":"Please change \"activate\" to \"enable\"","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":95,"context_line":"    System Engineering Guidelines."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"To simplify the process, there is a script available that can be run from the active"},{"line_number":98,"context_line":"controller to activate AppArmor on a specific host. Run the following command:"},{"line_number":99,"context_line":""},{"line_number":100,"context_line":".. code-block:: none"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"fe62a2a7_1e41ebf6","line":98,"in_reply_to":"e22b22ce_8f2b516d","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"3ed41d2ccf753e566bdf3d4346a249f1e458a664","unresolved":true,"context_lines":[{"line_number":121,"context_line":""},{"line_number":122,"context_line":"#.  Apply auditd configuration overrides."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"    To align the system with CIS requirements, the ``auditd.conf`` configuration"},{"line_number":125,"context_line":"    overrides should be applied to modify the default settings. These changes can"},{"line_number":126,"context_line":"    be implemented using the system ``helm-override-update`` command following"},{"line_number":127,"context_line":"    the procedure outlined in the Auditd Configuration Overrides section in :ref:`auditd-support-339a51d8ce16` documentation."}],"source_content_type":"text/x-rst","patch_set":2,"id":"94fb9ddd_ffb50467","line":124,"updated":"2025-07-11 12:43:22.000000000","message":"auditd.conf should the link to embeeded file as provided in doc input.","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":121,"context_line":""},{"line_number":122,"context_line":"#.  Apply auditd configuration overrides."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"    To align the system with CIS requirements, the ``auditd.conf`` configuration"},{"line_number":125,"context_line":"    overrides should be applied to modify the default settings. These changes can"},{"line_number":126,"context_line":"    be implemented using the system ``helm-override-update`` command following"},{"line_number":127,"context_line":"    the procedure outlined in the Auditd Configuration Overrides section in :ref:`auditd-support-339a51d8ce16` documentation."}],"source_content_type":"text/x-rst","patch_set":2,"id":"4c96d8d0_46f71437","line":124,"in_reply_to":"94fb9ddd_ffb50467","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"6216cf905079da02935e43a0223a1f73735c9ed7","unresolved":true,"context_lines":[{"line_number":265,"context_line":"        -a always,exit -F arch\u003db64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid\u003e\u003d1000 -F auid!\u003dunset -F key\u003dperm_mod"},{"line_number":266,"context_line":"        -a always,exit -F arch\u003db32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid\u003e\u003d1000 -F auid!\u003dunset -F key\u003dperm_mod"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"**Minor Warning:**"},{"line_number":269,"context_line":""},{"line_number":270,"context_line":"The auditd system in |prod| runs in a container. As the |CIS| scanning tools"},{"line_number":271,"context_line":"validate the configurations directly on the host (not within containers), all"}],"source_content_type":"text/x-rst","patch_set":5,"id":"c936be04_829e5516","line":268,"updated":"2025-07-14 05:25:19.000000000","message":"Please check if need to provide warning something similar to warning in this page, in red color. \nhttps://docs.starlingx.io/security/kubernetes/keystone-account-roles-64098d1abdc1.html","commit_id":"4da3188ef9532114c76380220f7a8d07ce5aa405"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"e98b1ce5b8a4448657c2f065d59607c4018d1b11","unresolved":false,"context_lines":[{"line_number":265,"context_line":"        -a always,exit -F arch\u003db64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid\u003e\u003d1000 -F auid!\u003dunset -F key\u003dperm_mod"},{"line_number":266,"context_line":"        -a always,exit -F arch\u003db32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid\u003e\u003d1000 -F auid!\u003dunset -F key\u003dperm_mod"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"**Minor Warning:**"},{"line_number":269,"context_line":""},{"line_number":270,"context_line":"The auditd system in |prod| runs in a container. As the |CIS| scanning tools"},{"line_number":271,"context_line":"validate the configurations directly on the host (not within containers), all"}],"source_content_type":"text/x-rst","patch_set":5,"id":"f4f7bfa4_b2bbc1f5","line":268,"in_reply_to":"c936be04_829e5516","updated":"2025-07-14 12:23:19.000000000","message":"Done","commit_id":"4da3188ef9532114c76380220f7a8d07ce5aa405"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":4,"context_line":".. _configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895:"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Configuring System to CIS Benchmark for Hosts Standards"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"}],"source_content_type":"text/x-rst","patch_set":8,"id":"dbf819e6_381b9622","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":12},"updated":"2025-07-16 17:15:52.000000000","message":"Configure","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":4,"context_line":".. _configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895:"},{"line_number":5,"context_line":""},{"line_number":6,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":7,"context_line":"Configuring System to CIS Benchmark for Hosts Standards"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"}],"source_content_type":"text/x-rst","patch_set":8,"id":"da41d111_01cd6805","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":12},"in_reply_to":"dbf819e6_381b9622","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":7,"context_line":"Configuring System to CIS Benchmark for Hosts Standards"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"}],"source_content_type":"text/x-rst","patch_set":8,"id":"dce12d1f_19ee9ef3","line":10,"range":{"start_line":10,"start_character":37,"end_line":10,"end_character":41},"updated":"2025-07-16 17:15:52.000000000","message":"|CIS|","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":7,"context_line":"Configuring System to CIS Benchmark for Hosts Standards"},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the CIS Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"}],"source_content_type":"text/x-rst","patch_set":8,"id":"b7138e5b_c2a74bf2","line":10,"range":{"start_line":10,"start_character":37,"end_line":10,"end_character":41},"in_reply_to":"dce12d1f_19ee9ef3","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:37453fa9a21cc527181bdd353c220763"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:d58a919ce4ae7c64086a0dcaa7242d0e"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"4d502b1c_357dd349","line":16,"range":{"start_line":16,"start_character":70,"end_line":16,"end_character":182},"updated":"2025-07-16 17:15:52.000000000","message":"This is a link to a reference?","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:37453fa9a21cc527181bdd353c220763"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Server.audit:d58a919ce4ae7c64086a0dcaa7242d0e"},{"line_number":19,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"190c078c_c66cc054","line":16,"range":{"start_line":16,"start_character":70,"end_line":16,"end_character":182},"in_reply_to":"4d502b1c_357dd349","updated":"2025-07-16 17:53:18.000000000","message":"Yes","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"To comply with these |CIS| specifications, you need to do the configurations related"},{"line_number":84,"context_line":"to **AppArmor** and **Auditd** according to the following:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Example Configuration for AppArmor"},{"line_number":87,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":8,"id":"0a49436e_8edf23a2","line":84,"range":{"start_line":84,"start_character":31,"end_line":84,"end_character":58},"updated":"2025-07-16 17:15:52.000000000","message":"It seems we don\u0027t need this part of the text. Maybe rewrite to be more clear:\nConfigure **AppArmor** and **Auditd** to comply with these |CIS| specifications.","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"To comply with these |CIS| specifications, you need to do the configurations related"},{"line_number":84,"context_line":"to **AppArmor** and **Auditd** according to the following:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"Example Configuration for AppArmor"},{"line_number":87,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":8,"id":"68f57930_8a4a2d82","line":84,"range":{"start_line":84,"start_character":31,"end_line":84,"end_character":58},"in_reply_to":"0a49436e_8edf23a2","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":105,"context_line":"Example Configuration for Auditd"},{"line_number":106,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"The |prod| provides a containerized auditd solution, while |CIS| Benchmark checks"},{"line_number":109,"context_line":"auditd configuration and rules on the host. Your configuration can be applied as"},{"line_number":110,"context_line":"specified in the following steps."},{"line_number":111,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"b3694567_39d55020","line":108,"range":{"start_line":108,"start_character":0,"end_line":108,"end_character":4},"updated":"2025-07-16 17:15:52.000000000","message":"Remove","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":105,"context_line":"Example Configuration for Auditd"},{"line_number":106,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"The |prod| provides a containerized auditd solution, while |CIS| Benchmark checks"},{"line_number":109,"context_line":"auditd configuration and rules on the host. Your configuration can be applied as"},{"line_number":110,"context_line":"specified in the following steps."},{"line_number":111,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"5cfeb9d7_129273ed","line":108,"range":{"start_line":108,"start_character":0,"end_line":108,"end_character":4},"in_reply_to":"b3694567_39d55020","updated":"2025-07-16 17:53:18.000000000","message":"Done","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the |CIS| Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:6150e4d8e2c36c243c64fe6c74da03ad"},{"line_number":17,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"6768e2f8_b30327cd","line":14,"range":{"start_line":11,"start_character":16,"end_line":14,"end_character":8},"updated":"2025-07-30 18:09:20.000000000","message":"REWORD ?\n\nFor some of the specifications that are not met by default, StarlingX can be configured to meet these specifications.  However, these configurations may affect system performance.  The related CIS Benchmark specifications and the required StarlingX configuration to comply with these specifications are documented below.  Note that you should evaluate the performance impact of these configurations and your specific security and operational needs, before using such configurations in a live deployment.","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":""},{"line_number":10,"context_line":"By default, |prod| complies with the |CIS| Benchmark for hosts for most"},{"line_number":11,"context_line":"specifications. However, you can decide, based on your operational needs"},{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:6150e4d8e2c36c243c64fe6c74da03ad"},{"line_number":17,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"ec771b3b_a86583e9","line":14,"range":{"start_line":11,"start_character":16,"end_line":14,"end_character":8},"in_reply_to":"6768e2f8_b30327cd","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:6150e4d8e2c36c243c64fe6c74da03ad"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:789ae5507200d59bd348767c3991ada0"}],"source_content_type":"text/x-rst","patch_set":10,"id":"ea9f95f6_8ef2c7cf","line":15,"updated":"2025-07-30 18:09:20.000000000","message":"Sub Heading ?    Related AppArmor CIS Benchmark Specifications:\n\nAND?\nMove this under the AppArmor SECTION below","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":12,"context_line":"and performance trade-offs, whether the following specifications will be applied."},{"line_number":13,"context_line":"These configurations may affect system performance and should be evaluated before"},{"line_number":14,"context_line":"setting."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"- 1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:6150e4d8e2c36c243c64fe6c74da03ad"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:789ae5507200d59bd348767c3991ada0"}],"source_content_type":"text/x-rst","patch_set":10,"id":"843f3390_b9309cf0","line":15,"in_reply_to":"ea9f95f6_8ef2c7cf","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:789ae5507200d59bd348767c3991ada0"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"- 1.3.1.4 Ensure all AppArmor Profiles are enforcing. "},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"- 6.4.1.1 Ensure auditd packages are installed."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"- 6.4.1.2 Ensure auditd service is enabled and active."}],"source_content_type":"text/x-rst","patch_set":10,"id":"368c5ec1_800f5c78","line":21,"updated":"2025-07-30 18:09:20.000000000","message":"Sub Heading ? Related Auditd CIS Benchmark Specifications:\n\nAND?\nMove this under the Auditd SECTION below","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":18,"context_line":"- 1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode. https://www.tenable.com/audits/items/CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit:789ae5507200d59bd348767c3991ada0"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"- 1.3.1.4 Ensure all AppArmor Profiles are enforcing. "},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"- 6.4.1.1 Ensure auditd packages are installed."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"- 6.4.1.2 Ensure auditd service is enabled and active."}],"source_content_type":"text/x-rst","patch_set":10,"id":"e3dfa6d7_a19eca11","line":21,"in_reply_to":"368c5ec1_800f5c78","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":80,"context_line":"- 6.4.4.4 Ensure the audit log file directory mode is configured."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Configure **AppArmor** and **Auditd** to comply with these |CIS| specifications:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Example Configuration for AppArmor"},{"line_number":86,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":10,"id":"eaf5ef51_e5e8cca9","line":83,"range":{"start_line":83,"start_character":0,"end_line":83,"end_character":80},"updated":"2025-07-30 18:09:20.000000000","message":"REMOVE ?","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":80,"context_line":"- 6.4.4.4 Ensure the audit log file directory mode is configured."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Configure **AppArmor** and **Auditd** to comply with these |CIS| specifications:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Example Configuration for AppArmor"},{"line_number":86,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1c30939b_7b3e3c13","line":83,"range":{"start_line":83,"start_character":0,"end_line":83,"end_character":80},"in_reply_to":"eaf5ef51_e5e8cca9","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Configure **AppArmor** and **Auditd** to comply with these |CIS| specifications:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Example Configuration for AppArmor"},{"line_number":86,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"You need to enable AppArmor. By default, AppArmor is disabled, but it can be"}],"source_content_type":"text/x-rst","patch_set":10,"id":"61d51a07_d037fd66","line":85,"range":{"start_line":85,"start_character":0,"end_line":85,"end_character":34},"updated":"2025-07-30 18:09:20.000000000","message":"CHANGE TO ?\n\nAppArmor\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\n   Related CIS Benchmark Specifications\n   ------------------------------------\n   ...\n   \n   \n   Example Configuration for Compliance\n   ------------------------------------\n   ...","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Configure **AppArmor** and **Auditd** to comply with these |CIS| specifications:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"Example Configuration for AppArmor"},{"line_number":86,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":87,"context_line":""},{"line_number":88,"context_line":"You need to enable AppArmor. By default, AppArmor is disabled, but it can be"}],"source_content_type":"text/x-rst","patch_set":10,"id":"51d7fad0_3279a643","line":85,"range":{"start_line":85,"start_character":0,"end_line":85,"end_character":34},"in_reply_to":"61d51a07_d037fd66","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":93,"context_line":"    Enabling AppArmor can result in some performance degradation, see |org|"},{"line_number":94,"context_line":"    System Engineering Guidelines."},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"To simplify the process, there is a script available that can be run from the active"},{"line_number":97,"context_line":"controller to enable AppArmor on a specific host. Run the following command:"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":".. code-block:: none"},{"line_number":100,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"605f31fb_3687ca9d","line":97,"range":{"start_line":96,"start_character":0,"end_line":97,"end_character":76},"updated":"2025-07-30 18:09:20.000000000","message":"REWORD\n\nAs an example or for test purposes only, see the following script which contains the commands to enable AppArmor and the commands for an example AppArmor configuration.","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    Enabling AppArmor can result in some performance degradation, see |org|"},{"line_number":94,"context_line":"    System Engineering Guidelines."},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"To simplify the process, there is a script available that can be run from the active"},{"line_number":97,"context_line":"controller to enable AppArmor on a specific host. Run the following command:"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":".. code-block:: none"},{"line_number":100,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"df1c254f_1c79040d","line":97,"range":{"start_line":96,"start_character":0,"end_line":97,"end_character":76},"in_reply_to":"605f31fb_3687ca9d","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":101,"context_line":"    /usr/local/bin/host-cis-benchmark-apparmor-setup.sh \u003chost_name\u003e"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Example Configuration for Auditd"},{"line_number":105,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"|prod| provides a containerized auditd solution, while |CIS| Benchmark checks"}],"source_content_type":"text/x-rst","patch_set":10,"id":"6fdc051d_f353a396","line":104,"range":{"start_line":104,"start_character":0,"end_line":104,"end_character":32},"updated":"2025-07-30 18:09:20.000000000","message":"CHANGE TO ?\n\nAuditd\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\n   Related CIS Benchmark Specifications\n   ------------------------------------\n   ...\n   \n   \n   Example Configuration for Compliance\n   ------------------------------------\n   ...","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":101,"context_line":"    /usr/local/bin/host-cis-benchmark-apparmor-setup.sh \u003chost_name\u003e"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Example Configuration for Auditd"},{"line_number":105,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"|prod| provides a containerized auditd solution, while |CIS| Benchmark checks"}],"source_content_type":"text/x-rst","patch_set":10,"id":"6ef28b47_4551dbcd","line":104,"range":{"start_line":104,"start_character":0,"end_line":104,"end_character":32},"in_reply_to":"6fdc051d_f353a396","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":124,"context_line":"    overrides should be applied to modify the default settings. These changes can"},{"line_number":125,"context_line":"    be implemented using the system ``helm-override-update`` command following"},{"line_number":126,"context_line":"    the procedure outlined in the Auditd Configuration Overrides section in :ref:`auditd-support-339a51d8ce16` documentation."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    ::"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"        auditdconf: |-"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1ac92b5a_77980a88","line":127,"updated":"2025-07-30 18:09:20.000000000","message":"NOTE: The following auditd.conf file is for example or test purposes only.","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":124,"context_line":"    overrides should be applied to modify the default settings. These changes can"},{"line_number":125,"context_line":"    be implemented using the system ``helm-override-update`` command following"},{"line_number":126,"context_line":"    the procedure outlined in the Auditd Configuration Overrides section in :ref:`auditd-support-339a51d8ce16` documentation."},{"line_number":127,"context_line":""},{"line_number":128,"context_line":"    ::"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"        auditdconf: |-"}],"source_content_type":"text/x-rst","patch_set":10,"id":"0bbd05bc_395c6623","line":127,"in_reply_to":"1ac92b5a_77980a88","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"}],"doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst":[{"author":{"_account_id":35510,"name":"Kailas Vitthalrao Surkar","email":"kailasvitthalrao.surkar@windriver.com","username":"kssurkar"},"change_message_id":"db1db9e7e2e60198237a6985c5aa29a8ccf0162a","unresolved":true,"context_lines":[{"line_number":399,"context_line":""},{"line_number":400,"context_line":"   create-certificates-locally-using-openssl"},{"line_number":401,"context_line":"   create-certificates-locally-using-cert-manager-on-the-controller"},{"line_number":402,"context_line":"   configuring-system-to-cis-benchmark-for-containers-standards-3df0c174ffe2"},{"line_number":403,"context_line":"   configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895"}],"source_content_type":"text/x-rst","patch_set":2,"id":"0cc956cc_bd37d422","line":402,"updated":"2025-07-11 12:56:34.000000000","message":"I think, the new two files should not be under \"Appendix: Locally creating certificates\"\nMay create another one \"Appendix: Configurations for CIS benchmark\".","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"c42ebd43793858ae0bb3aad974366f245c096106","unresolved":false,"context_lines":[{"line_number":399,"context_line":""},{"line_number":400,"context_line":"   create-certificates-locally-using-openssl"},{"line_number":401,"context_line":"   create-certificates-locally-using-cert-manager-on-the-controller"},{"line_number":402,"context_line":"   configuring-system-to-cis-benchmark-for-containers-standards-3df0c174ffe2"},{"line_number":403,"context_line":"   configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3b7867ee_32203524","line":402,"in_reply_to":"0cc956cc_bd37d422","updated":"2025-07-11 20:25:32.000000000","message":"Done","commit_id":"1410559e0c4f3bcc995fb2ea1e57ebd9c9f97476"},{"author":{"_account_id":26026,"name":"Greg Waines","email":"greg.waines@windriver.com","username":"gwaines"},"change_message_id":"aabb679164fc2a716b323b371cf6022937fe7c70","unresolved":true,"context_lines":[{"line_number":408,"context_line":".. toctree::"},{"line_number":409,"context_line":"   :maxdepth: 1"},{"line_number":410,"context_line":""},{"line_number":411,"context_line":"   configuring-system-to-cis-benchmark-for-containers-standards-3df0c174ffe2"},{"line_number":412,"context_line":"   configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895"}],"source_content_type":"text/x-rst","patch_set":10,"id":"c0c08b5e_50531715","line":412,"range":{"start_line":411,"start_character":0,"end_line":412,"end_character":71},"updated":"2025-07-30 18:09:20.000000000","message":"I would switch order ... have hosts first then containers","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"f8284f725681f4413f607322e4f2384a0584b1da","unresolved":false,"context_lines":[{"line_number":408,"context_line":".. toctree::"},{"line_number":409,"context_line":"   :maxdepth: 1"},{"line_number":410,"context_line":""},{"line_number":411,"context_line":"   configuring-system-to-cis-benchmark-for-containers-standards-3df0c174ffe2"},{"line_number":412,"context_line":"   configuring-system-to-cis-benchmark-for-hosts-standards-bc2c3f582895"}],"source_content_type":"text/x-rst","patch_set":10,"id":"7435daa5_c8093b71","line":412,"range":{"start_line":411,"start_character":0,"end_line":412,"end_character":71},"in_reply_to":"c0c08b5e_50531715","updated":"2025-07-30 20:16:42.000000000","message":"Done","commit_id":"7a9f36036615a443cb821630a623cbcd1a112037"}],"doc/source/shared/abbrevs.txt":[{"author":{"_account_id":33342,"name":"Elisamara Aoki Gonçalves","email":"elisamaraaoki.goncalves@windriver.com","username":"egoncalv"},"change_message_id":"e8f817d7a988100f30c813a7d134f1fd76b78881","unresolved":true,"context_lines":[{"line_number":25,"context_line":".. |CA| replace:: :abbr:`CA (Certificate Authority)`"},{"line_number":26,"context_line":".. |CAs| replace:: :abbr:`CAs (Certificate Authorities)`"},{"line_number":27,"context_line":".. |CDI| replace:: :abbr:`CDI (Containerized Data Importer)`"},{"line_number":28,"context_line":".. |CIS| replace:: :abbr:`CIS (Center for Internet Security)`"},{"line_number":29,"context_line":".. |CLI| replace:: :abbr:`CLI (Command Line Interface)`"},{"line_number":30,"context_line":".. |CLIs| replace:: :abbr:`CLIs (Command Line Interfaces)`"},{"line_number":31,"context_line":".. |CNAB| replace:: :abbr:`CNAB (Cloud Native Application Bundle)`"}],"source_content_type":"text/plain","patch_set":8,"id":"ace417e2_10c46d5f","line":28,"range":{"start_line":28,"start_character":0,"end_line":28,"end_character":61},"updated":"2025-07-16 17:15:52.000000000","message":"Make sure this entry is in previous branches so the build will not break in the future.","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"},{"author":{"_account_id":37178,"name":"Suzana Barude Fernandes","display_name":"Suzana","email":"Suzana.Fernandes@windriver.com","username":"sfernand"},"change_message_id":"9504a0f60cfae5ed8eeeff967ffc14d5fc786196","unresolved":false,"context_lines":[{"line_number":25,"context_line":".. |CA| replace:: :abbr:`CA (Certificate Authority)`"},{"line_number":26,"context_line":".. |CAs| replace:: :abbr:`CAs (Certificate Authorities)`"},{"line_number":27,"context_line":".. |CDI| replace:: :abbr:`CDI (Containerized Data Importer)`"},{"line_number":28,"context_line":".. |CIS| replace:: :abbr:`CIS (Center for Internet Security)`"},{"line_number":29,"context_line":".. |CLI| replace:: :abbr:`CLI (Command Line Interface)`"},{"line_number":30,"context_line":".. |CLIs| replace:: :abbr:`CLIs (Command Line Interfaces)`"},{"line_number":31,"context_line":".. |CNAB| replace:: :abbr:`CNAB (Cloud Native Application Bundle)`"}],"source_content_type":"text/plain","patch_set":8,"id":"83eccb70_8912c610","line":28,"range":{"start_line":28,"start_character":0,"end_line":28,"end_character":61},"in_reply_to":"ace417e2_10c46d5f","updated":"2025-07-16 17:53:18.000000000","message":"I will create this entry in previous branches. Thanks for reminding me.","commit_id":"05852e6a672fdadf0196edd3b9d25bc5540ac638"}]}