Prisma Cloud Compute Defender containers must run as root.

An XCCDF Rule

Details
Profiles

Description

In certain situations, the nature of the vulnerability scanning may be more intrusive, or the container platform component that is the subject of the scanning may contain highly sensitive information. To protect the sensitive nature of such scanning, Prisma Cloud Compute Defenders perform the vulnerability scanning function. The Defender container must run as root and not privileged.

ID: SV-253546r1050656_rule
Version: CNTR-PC-001350
Severity: Medium
References: CCI-001067
Updated: about 2 months ago

Remediation Templates

Redeploy the Defender with appropriate rights by setting "Run Defenders as privileged" to "On".

Delete the old twistlock-defender-ds daemonSet and redeploy daemonSet with the new yaml in which the securityContext - privileged = "on".

Prisma Cloud Compute Defender containers must run as root.

Description

Remediation Templates

A Manual Procedure