From e578e922a402bb584b7cc9e13e146be79bfe33be Mon Sep 17 00:00:00 2001 From: CamrynCarter Date: Mon, 7 Oct 2024 11:04:18 -0700 Subject: [PATCH 1/2] update intro --- docs/stigatron-docs/introduction.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/stigatron-docs/introduction.md b/docs/stigatron-docs/introduction.md index 4fd959e..cca1b08 100644 --- a/docs/stigatron-docs/introduction.md +++ b/docs/stigatron-docs/introduction.md @@ -1,22 +1,22 @@ # Introduction -This page will walk through Installation and Usage of the STIGATRON component of Rancher Government Carbide. +This section will walk through installation and usage of the STIGATRON component of Rancher Government Carbide. -## IOC Expectations +## What is STIGATRON? -As our product is still at Initial Operation Capability (IOC), there are some expectations to level-set: +Our Federal/Government-driven Kubernetes Distribution, RKE2, is the first Kubernetes distribution outside of the upstream project to obtain full DISA STIG Certification. -- Installation and packaging is still in progress and improving. +STIGATRON was developed to alleviate the pain points of traditional management and maintenance of assessing system compliance, with features including: -If you see issues and areas for improvement, please submit Github issues [here](https://github.com/rancherfederal/carbide-charts/issues). +1. STIGATRON provides the ability to perform a real-time scan against all downstream clusters being managed by Rancher. +2. These scans will provide a mapping of the current state of the cluster against the controls with the RKE2 DISA STIG. +3. Users can visualize the results of these scans from the Rancher UI by accessing the MITRE Heimdall2 interface. This provides current compliance status, tree maps mapping to NIST 800-53 controls, and a detailed breakdown of each check performed, including the commands executed, the output of those commands, and what steps can be performed to mitigate any failures. +4. Users can also export the scan results into the common formats required by Cyber Systems within the federal space. This includes `XCCDF` and `results.json`. -## What is this? +## IOC Expectations -With our Federal/Government driven Kubernetes Distribution RKE2, we worked dilligently to provide the first Kubernetes distribution outside of the upstream project to obtain full DISA STIG Certification. +As our product is still at Initial Operation Capability (IOC), there are some expectations to level-set: -While having the STIG provides immense benefits to our customers, we also wanted to improve the UX around working with that STIG. That is why we developed STIGATRON. STIGATRON will give our users capabilities that alleviate a lot of the pain points that go with traditional management of maintaining and assessing compliance of your systems: +- Installation and packaging is still in progress and improving. -1. STIGATRON provides the ability to perform a real-time scan against all downstream clusters being managed by the Rancher Multi-cluster Manager. -2. These scans will provide a mapping of the current state of the cluster against the controls with the RKE2 DISA STIG. -3. Users can visualize the results of these scans from the Rancher UI by access the MITRE Heimdall2 interface. This provides current compliance status, tree maps mapping to NIST 800-53 controls, and a detailed breakdown of each check performed, including the commands executed, the output of those commands, and what steps can be performed to mitigate any failures. -4. Users can also export the scan results into the common formats required by Cyber Systems within the federal space. This includes `XCCDF` and `results.json`. +If you see issues and areas for improvement, please submit Github issues [here](https://github.com/rancherfederal/carbide-charts/issues). From f82d1e69a5fbbec5fed7e5e014ff376a9e4c6b23 Mon Sep 17 00:00:00 2001 From: CamrynCarter Date: Mon, 7 Oct 2024 11:14:07 -0700 Subject: [PATCH 2/2] formatting and uninstall blank step fix --- docs/stigatron-docs/create-scan.md | 6 +++--- docs/stigatron-docs/installation.md | 4 ++-- docs/stigatron-docs/uninstall.md | 9 +++++---- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/stigatron-docs/create-scan.md b/docs/stigatron-docs/create-scan.md index 5b66645..15e9c66 100644 --- a/docs/stigatron-docs/create-scan.md +++ b/docs/stigatron-docs/create-scan.md @@ -1,14 +1,14 @@ # Creating STIGATRON Scans -1. After installing STIGATRON on your downstream cluster, when you navigate to that downstream cluster, you should see STIGATRON on the left navigation menu. Click there. +1. After installing STIGATRON on your downstream cluster, when you navigate to that downstream cluster, you should see `STIGATRON` on the left navigation menu. Click there. ![STIGATRON Menu Selection](/img/stigatron/stigatron-menu.png) -2. To trigger a scan, click Create in the upper left, create a name, select a profile, and click Create +2. To trigger a scan, click `Create` in the upper left, enter a name, select a profile, and click `Create`. ![Create A Scan](/img/stigatron/create-scan.png) -3. After the scan runs (should only take a few minutes at most), click the 3-dot menu next to the scan and go to Open Visualizer. This will give you insight into the current state of your cluster in relation to the RKE2 STIG. +3. After the scan runs (should only take a few minutes at most), click the 3-dot menu next to the scan and go to `Open Visualizer`. This will give you insight into the current state of your cluster in relation to the RKE2 STIG. ![Open Visualizer](/img/stigatron/open-visualizer.png) diff --git a/docs/stigatron-docs/installation.md b/docs/stigatron-docs/installation.md index 34f8ed7..af8732d 100644 --- a/docs/stigatron-docs/installation.md +++ b/docs/stigatron-docs/installation.md @@ -4,9 +4,9 @@ ### Enabling UI Extensions -On the `local` cluster running Rancher MCM, you'll need to first enable Extensions. +On the `local` cluster running Rancher, you'll need to first enable Extensions. -1. Log into the Rancher MCM as an administrator. +1. Log into Rancher as an administrator. 2. Click the menu in the upper-left of the main dashboard and click the `Extensions` link near the bottom. 3. Click the `Enable` button on the Extensions screen. 4. Click `Ok`, when prompted to Enable Extension Support. diff --git a/docs/stigatron-docs/uninstall.md b/docs/stigatron-docs/uninstall.md index 0c36ab2..b2736fd 100644 --- a/docs/stigatron-docs/uninstall.md +++ b/docs/stigatron-docs/uninstall.md @@ -2,7 +2,7 @@ ## Local Cluster -On the `local` cluster running Rancher MCM, run the following Helm command to remove the UI Extension. +On the `local` cluster running Rancher, run the following Helm command to remove the UI Extension. ```bash helm uninstall -n carbide-stigatron-system stigatron-ui @@ -20,7 +20,7 @@ helm uninstall -n carbide-stigatron-system stigatron If you want to uninstall CIS Benchmark, after uninstall STIGATRON, perform the following: -1. Log into the Rancher MCM. +1. Log into Rancher. 2. In the UI, navigate to each downstream cluster in the Cluster Explorer. 3. On the left menu, select `Apps`, then select `Installed Apps`. 4. Find the app named `rancher-cis-benchmark`, select the 3-dot menu on the right, and select `Delete`. (IMPORTANT: Delete this before the CRD application) @@ -28,6 +28,7 @@ If you want to uninstall CIS Benchmark, after uninstall STIGATRON, perform the f ## Disable UI Extensions (Optional) -If you want to disable UI Extensions, after uninstall STIGATRON UI, perform the following: +If you want to [disable all UI Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions#uninstalling-extensions) after uninstalling the STIGATRON UI extension, perform the following: -### TODO: List +1. On the extensions management page in Rancher, click the 3-dot menu. +2. Select `Disable Extension Support`.