This is an overarching guide to further harden the security posture of a Cray System Management (CSM) system.
If a subset of the steps in this procedure were completed as a consequence of an install, upgrade, or other guidance, then it is safe to skip that subset following a review.
None.
Change passwords and credentials.
Perform procedure(s) in Change Passwords and Credentials.
Restrict access to ncn-images S3 Bucket.
Perform procedure(s) in Restrict Access to ncn-images S3 Bucket.
Limit Kubernetes Audit Log Retention.
If Kubernetes API Auditing was enabled at install, perform procedure(s) in Limit Kubernetes API Audit Log Maximum Backups.
Failure to apply the referenced configuration could result in NCN disk space exhaustion on Kubernetes Master Nodes.
Update IMS Job Access Network.
Perform procedure(s) in Update IMS Job Access Network.
(Optional) Change Keycloak OAuth token lifetime.
Perform procedure(s) in Change Keycloak token lifetime.
(Optional) Remove Kiali.
Perform procedure(s) in Remove Kiali.