The container platform runtime must enforce the use of ports that are non-privileged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-233074 | SRG-APP-000142-CTR-000330 | SV-233074r601707_rule | Medium |
| Description |
|---|
| Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing non-privileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. An example is mapping port 8080 externally to port 80 in the container. |
| STIG | Date |
|---|---|
| Container Platform Security Requirements Guide | 2021-12-14 |
Details
| Check Text ( C-36010r601706_chk ) |
|---|
| Review the container platform configuration and the containers within the platform by performing the following checks: 1. Verify the container platform is configured to disallow the use of privileged ports by containers. 2. Validate all containers within the container platform are using non-privileged ports. 3. Attempt to instantiate a container image that uses a privileged port. If the container platform is not configured to disallow the use of privileged ports, this is a finding. If the container platform has containers using privileged ports, this is a finding. If the container platform allows containers to be instantiated that use privileged ports, this is a finding. |
| Fix Text (F-35978r600710_fix) |
|---|
| Configure the container platform to disallow the use of privileged ports by containers. Move any containers that are using privileged ports to non-privileged ports. |