Create an SCC as described in the OpenShift documentation, ensuring that the Allow Privileged field is set to false.
Create an SCC as described in the OpenShift documentation, ensuring that the Allow Host PID field is set to false.
Create an SCC as described in the OpenShift documentation, ensuring that the Allow Host IPC field is set to false.
Create an SCC as described in the OpenShift documentation, ensuring that the Allow Host Network field is omitted or set to false.
Create an SCC as described in the OpenShift documentation, ensuring that the Allow Privilege Escalation field is omitted or set to false.
None required. By default, OpenShift includes the non-root SCC with the Run As User Strategy set to MustRunAsNonRoot. If additional SCCs are appropriate, follow the OpenShift documentation to create custom SCCs.
Create an SCC as described in the OpenShift documentation, ensuring that Required Drop Capabilities is set to include either NET_RAW or ALL.
Ensure that Allowed Capabilities is set to an empty array for every SCC in the cluster except for the privileged SCC.
Review the use of capabilities in applications running on your cluster. Where a namespace contains applications which do not require any Linux capabilities to operate, consider adding an SCC which forbids the admission of containers which do not drop all capabilities.
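
The settings above can be checked against a cluster's SCC list in one pass. The following is an added example, not code from the OpenShift documentation: it audits a structure shaped like the output of `oc get scc -o json`, using the SCC API field names that correspond to the settings named above. The sample data and the `example-*` SCC names are constructed, and the check requires an explicit false for every boolean, which is stricter than the "omitted" allowance in the text.

```python
# Boolean SCC fields (security.openshift.io/v1) behind the "Allow ..." settings.
BOOL_FIELDS = {
    "allowPrivilegedContainer": "Allow Privileged",
    "allowHostPID": "Allow Host PID",
    "allowHostIPC": "Allow Host IPC",
    "allowHostNetwork": "Allow Host Network",
    "allowPrivilegeEscalation": "Allow Privilege Escalation",
}

def scc_findings(scc):
    """Return the settings from the list that this SCC does not meet."""
    # Assumption: only an explicit false passes; a missing or null field is reported.
    findings = [label for field, label in BOOL_FIELDS.items()
                if scc.get(field) is not False]
    dropped = set(scc.get("requiredDropCapabilities") or [])
    if not dropped & {"NET_RAW", "ALL"}:
        findings.append("Required Drop Capabilities")
    # Only the privileged SCC may carry a non-empty allowedCapabilities.
    if scc.get("allowedCapabilities") and scc["metadata"]["name"] != "privileged":
        findings.append("Allowed Capabilities")
    return findings

def audit(scc_list):
    """Map each SCC name in an `oc get scc -o json` style list to its findings."""
    return {s["metadata"]["name"]: scc_findings(s) for s in scc_list["items"]}

# Constructed sample data; the "example-*" SCC names are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "privileged"}, "allowPrivilegedContainer": True,
     "allowHostPID": True, "allowHostIPC": True, "allowHostNetwork": True,
     "allowPrivilegeEscalation": True, "requiredDropCapabilities": None,
     "allowedCapabilities": ["*"]},
    {"metadata": {"name": "example-hardened"}, "allowPrivilegedContainer": False,
     "allowHostPID": False, "allowHostIPC": False, "allowHostNetwork": False,
     "allowPrivilegeEscalation": False, "requiredDropCapabilities": ["ALL"],
     "allowedCapabilities": []},
    {"metadata": {"name": "example-legacy"}, "allowPrivilegedContainer": False,
     "allowHostPID": False, "allowHostIPC": False,
     "allowPrivilegeEscalation": True,
     "requiredDropCapabilities": ["KILL", "MKNOD"],
     "allowedCapabilities": ["NET_BIND_SERVICE"]},
]}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "FAIL: " + ", ".join(findings))
```

To run it against a live cluster, replace `SAMPLE` with the parsed JSON from `oc get scc -o json`.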