Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The container platform runtime must enforce the use of ports that are non-privileged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-233074 | SRG-APP-000142-CTR-000330 | SV-233074r960966_rule | Medium |
| Description |
|---|
| Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing non-privileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. An example is mapping port 8080 externally to port 80 in the container. |
| STIG | Date |
|---|---|
| Container Platform Security Requirements Guide | 2024-05-28 |
Details
| Check Text ( C-36010r601706_chk ) |
|---|
| Review the container platform configuration and the containers within the platform by performing the following checks: 1. Verify the container platform is configured to disallow the use of privileged ports by containers. 2. Validate all containers within the container platform are using non-privileged ports. 3. Attempt to instantiate a container image that uses a privileged port. If the container platform is not configured to disallow the use of privileged ports, this is a finding. If the container platform has containers using privileged ports, this is a finding. If the container platform allows containers to be instantiated that use privileged ports, this is a finding. |
| Fix Text (F-35978r600710_fix) |
|---|
| Configure the container platform to disallow the use of privileged ports by containers. Move any containers that are using privileged ports to non-privileged ports. |