Prisma Cloud Compute must use TCP ports above 1024.

An XCCDF Rule

Description

<VulnDiscussion>Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing nonprivileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. Prisma Cloud Compute default TCP ports are 8083 (Console UI and API) and 8084 (Console-to-Defender communication). To use TCP ports below 1024, the Console would have to be configured to use privileged ports.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253534r960966_rule
Severity: Medium
References: CCI-000382
Updated: 17 days ago

For Kubernetes deployment:

Edit the deployment.apps/twistlock-console.

Find the - name: TargetPorts below 1024.
Change to port number above 1024.

Save and exit the editing session. The Console will restart automatically.

For Docker deployment:

Modify the twistlock.cfg located in the extracted release tar directory.

Change any port assignment below 1024 to above 1024:
MANAGEMENT_PORT_HTTP=
MANAGEMENT_PORT_HTTPS=8083
COMMUNICATION_PORT=8084

Redeploy the Console using the twistlock.sh script in the extracted release tar directory:
$ sudo ./twisltock.sh -sy onebox

Prisma Cloud Compute must use TCP ports above 1024.

Description

Remediation - Manual Procedure