Home > Workload Solutions > Container Platforms > SUSE Containers as a Service > White Papers > Rancher Prime and RKE2 Kubernetes Cluster in APEX Private Cloud with PowerProtect Data Manager > Rancher security
Kube-bench allows you to run a security scan on your Kubernetes clusters to determine whether they are deployed according to the Center for Internet Security (CIS) Kubernetes Benchmark security best practices. This scan generates a report showing the results of each test and remediation steps for any failed tests.
Rancher Prime provides two Red Hat Package Manager (RPM) packages that enable integration of Rancher products on Security-Enhanced Linux (SELinux) hosts: rancher-selinux and rke2-selinux. For details, see SELinux RPM.
The Rancher Hardening Guide is based on controls and best practices found in the CIS Kubernetes Benchmark. It provides prescriptive guidance for hardening a production installation of Rancher. Before installing Kubernetes, follow the guidance in the hardening guide to secure the nodes in your cluster.
The companion to the Rancher Hardening Guide is the Self Assessment of the CIS Kubernetes Benchmark. While the hardening guide shows you how to harden the cluster, the benchmark guide is meant to help you evaluate the level of security of the hardened cluster.
As part of its compliance evaluations, Rancher periodically hires third parties to perform security audits and penetration tests of the Rancher 2.x software stack.
For the list of Common Vulnerabilities and Exposures (CVEs) for issues that Rancher Prime has resolved, see Security Advisories and CVEs.