UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The container platform runtime must enforce the use of ports that are non-privileged.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233074 SRG-APP-000142-CTR-000330 SV-233074r601707_rule Medium
Description
Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing non-privileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. An example is mapping port 8080 externally to port 80 in the container.
STIG Date
Container Platform Security Requirements Guide 2021-06-16

Details

Check Text ( C-36010r601706_chk )
Review the container platform configuration and the containers within the platform by performing the following checks:

1. Verify the container platform is configured to disallow the use of privileged ports by containers.
2. Validate all containers within the container platform are using non-privileged ports.
3. Attempt to instantiate a container image that uses a privileged port.

If the container platform is not configured to disallow the use of privileged ports, this is a finding.

If the container platform has containers using privileged ports, this is a finding.

If the container platform allows containers to be instantiated that use privileged ports, this is a finding.
Fix Text (F-35978r600710_fix)
Configure the container platform to disallow the use of privileged ports by containers. Move any containers that are using privileged ports to non-privileged ports.