From f2b66c2e9a66bf6212e85db92716b9db8ed14575 Mon Sep 17 00:00:00 2001
From: James Blair
Date: Sun, 1 Sep 2024 13:05:48 +1200
Subject: [PATCH] Begin working on exercise 5.

---
 data/workshop/README.org | 8 ++++----
 data/workshop/exercise4.mdx | 5 +++--
 data/workshop/exercise5.mdx | 27 +++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 data/workshop/exercise5.mdx

diff --git a/data/workshop/README.org b/data/workshop/README.org
index 4b135e2..bff72f2 100644
--- a/data/workshop/README.org
+++ b/data/workshop/README.org
@@ -8,7 +8,7 @@ This document captures the steps required to set up an instance of the workshop.
 * Connect to the low side instance
 #+begin_src tmux
-ssh lab-user@3.21.229.143
+ssh lab-user@3.143.149.146
 #+end_src
@@ -16,13 +16,13 @@ ssh lab-user@3.21.229.143
 #+begin_src tmux
 cd /mnt/low-side-data/
-curl -L -o oc-mirror.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.19/oc-mirror.tar.gz
+curl -L -o oc-mirror.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/oc-mirror.tar.gz
 tar -xzf oc-mirror.tar.gz
 rm -f oc-mirror.tar.gz
 chmod +x oc-mirror
 sudo cp -v oc-mirror /bin
 curl -L -o mirror-registry.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/mirror-registry/latest/mirror-registry.tar.gz
-curl -L -o openshift-install.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.19/openshift-install-linux.tar.gz
+curl -L -o openshift-install.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/openshift-install-linux.tar.gz
 tar -xzf openshift-install.tar.gz openshift-install
 rm -f openshift-install.tar.gz
 curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.19/openshift-client-linux.tar.gz
@@ -50,7 +50,7 @@ mirror:
 channels:
 - name: stable-4.14
 type: ocp
-      minVersion: 4.14.34
+      minVersion: 4.14.35
 maxVersion: 4.14.35
 additionalImages:
 - name: registry.redhat.io/rhel8/support-tools
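Review bot: The `oc` client download on the last line of the second README.org hunk is still pinned to 4.14.19 while this commit moves `oc-mirror` and `openshift-install` to 4.14.35, so the low-side tooling ends up at mixed versions; it should read `curl -L -o oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.35/openshift-client-linux.tar.gz`. Each tarball is also extracted and copied into `/bin` under `sudo` straight from the download with no integrity check; the release directory on the mirror carries a published checksum file, so a `sha256sum -c` step against it before each `tar -xzf` would close that supply-chain gap. The `mirror-registry` fetch uses the unpinned `latest` path, which makes the setup non-reproducible and is worth pinning for the same reason. The `#+begin_src` block this hunk sits in continues past the hunk.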
diff --git a/data/workshop/exercise4.mdx b/data/workshop/exercise4.mdx
index 9fb734b..6c3b6dd 100644
--- a/data/workshop/exercise4.mdx
+++ b/data/workshop/exercise4.mdx
@@ -115,9 +115,9 @@ Once the `hub-Operator-secrets-cluster-init-bundle.yaml` file has been downloade
 5. Paste the contents into the **Import YAML** text field and click the blue **Create** button.
-|![workshop](/static/images/compliance/central-login.gif) |
+|![workshop](/static/images/compliance/init-bundle-import.gif) |
 |:-----------------------------------------------------------------------------:|
-| *Logging into Red Hat Advanced Cluster Security dashboard* |
+| *Importing an init bundle into our hub cluster* |
 > Note: These init bundles contain secrets enabling a secured cluster to communicate with RHACS Central so it's important to store these securely.
@@ -187,4 +187,5 @@ After a short wait for pods to initialise in the `acs-securedcluster` namespace
 | *Hub cluster is now secured by Red Hat Advanced Cluster Security* |
+If you now have Red Hat Advanced Cluster Security **Central** and **SecuredCluster** components deployed then congratulations your RHACS instance is fully deployed and you're ready to start improving your cluster security and compliance posture in Exercise 5! 🎉
diff --git a/data/workshop/exercise5.mdx b/data/workshop/exercise5.mdx
new file mode 100644
index 0000000..45f45a2
--- /dev/null
+++ b/data/workshop/exercise5.mdx
@@ -0,0 +1,27 @@
+---
+title: Running a cluster compliance scan
+exercise: 5
+date: '2024-09-01'
+tags: ['openshift','containers','kubernetes','disconnected']
+draft: false
+authors: ['default']
+summary: "Let's check our cluster compliance against NIST 800-53 👀"
+---
+
+We've done the work to set the OpenShift Compliance Operator and Red Hat Advanced Cluster Security up on our cluster, now let's make the most of it by using them to schedule and run a compliance scan on our cluster.
+
+For the scan we'll be using the included `NIST 800-53 Moderate-Impact Baseline for Red Hat OpenShift` and `NIST 800-53 Moderate-Impact Baseline for Red Hat OpenShift - Node level` scan profiles that are included with the OpenShift Compliance Operator.
+
+Two scan profiles are required as we need to scan both the OpenShift cluster, as well as each individual node running RHEL CoreOS.
+
+For more details on these compliance profiles please take some time to review:
+
+- https://static.open-scap.org/ssg-guides/ssg-ocp4-guide-moderate.html
+- https://static.open-scap.org/ssg-guides/ssg-ocp4-guide-moderate-node.html
+- https://docs.openshift.com/container-platform/4.14/security/compliance_operator/co-scans/compliance-operator-supported-profiles.html
+
+
+## 5.1 - Scheduling a scan
+
+There are two methods you can use to schedule Compliance Operator scans.
+