| Project Name | Vuls Scan | Lynis Scan | Kube-Hunter Scan |
|---|
| 1 | 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint |
|
|
|
| 2 | AI/ML and AR/VR applications at Edge |
|
|
|
| 3 | Connected Vehicle Blueprint |
|
|
|
| 4 | Edge Video Processing |
|
|
|
| 5 | ELIOT: Edge Lightweight and IoT Blueprint Family |
|
|
|
| 6 | |
|
|
|
| 7 | |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 8 | |
| - Performing test ID AUTH-9229 (Check password hashing methods) ## Not possible, will impact SHA_MIN_CRYPT_ROUNDS test. Currently using maximum security hashing method SHA512
- Performing test ID USB-2000 (Check USB authorizations) ## N/A: Using cloud VMs, no baremetal involved.
- Performing test ID USB-3000 (Check for presence of USBGuard) ## N/A: Using cloud VMs, no baremetal involved.
- Test: Checking MaxSessions ## Max session set to 4, this is the bare minimum level that can be used.
- Test: Checking Port ## Can't change during testing, BluVal requires SSH to be tcp/22. This port should be changed after testing, but prior to production.
The following exceptions must be fixed prior to maturity review: - sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0
- sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16
- sysctl key kernel.yama.ptrace_scope has a different value than expected in scan profile. Expected=1 2 3, Real=0
- sysctl key net.ipv4.conf.all.log_martians contains equal expected and current value (1)
- sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0)
- sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0)
- sysctl key net.ipv4.conf.default.log_martians contains equal expected and current value (1)
- sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
- sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 9 | Network Cloud and TF Integration Project |
|
|
|
| 10 | Integrated Cloud Native NFV/App stack family (Short term: ICN) |
|
|
|
| 11 | Integrated Edge Cloud (IEC) Blueprint Family |
|
|
|
| 12 | |
|
|
|
| 13 | |
|
|
|
| 14 | |
|
|
|
| 15 | |
|
|
|
| 16 | |
|
|
|
| 17 | Kubernetes-Native Infrastructure (KNI) Blueprint Family |
|
|
|
| 18 | Micro-MEC |
|
|
|
| 19 | The AI Edge: School/Education Video Security Monitoring |
|
|
|
| 20 | Network Cloud Blueprint Family |
|
|
|
| 21 | StarlingX Far Edge Distributed Cloud |
|
|
|
| 22 | Telco Appliance Blueprint Family |
|
|
|
| 23 | |
|
|
|
| 24 | |
|
|
|
| 25 | The AI Edge Blueprint Family |
|
|
|
| 26 | Time-Critical Edge Compute |
|
|
|
| 27 | Public Cloud Edge Interface |
|
|
|
| 28 | Enterprise Applications on Lightweight 5G Telco Edge |
|
|
|
| 29 |
|
|
|
|
| 30 |
|
|
|
|