Prisma Cloud Compute must use TCP ports above 1024.

An XCCDF Rule

Description

Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing nonprivileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. Prisma Cloud Compute default TCP ports are 8083 (Console UI and API) and 8084 (Console-to-Defender communication). To use TCP ports below 1024, the Console would have to be configured to use privileged ports.

ID: SV-253534r1043177_rule
Version: CNTR-PC-000500
Severity: Medium
References: CCI-000382
Updated: about 2 months ago

Remediation Templates

For Kubernetes deployment:

Edit the deployment.apps/twistlock-console.

Find the - name: TargetPorts below 1024.
Change to port number above 1024.

Save and exit the editing session. The Console will restart automatically.

For Docker deployment:

Modify the twistlock.cfg located in the extracted release tar directory.

Change any port assignment below 1024 to above 1024:
MANAGEMENT_PORT_HTTP=
MANAGEMENT_PORT_HTTPS=8083
COMMUNICATION_PORT=8084

Redeploy the Console using the twistlock.sh script in the extracted release tar directory:
$ sudo ./twisltock.sh -sy onebox

Prisma Cloud Compute must use TCP ports above 1024.

Description

Remediation Templates

A Manual Procedure