UCF STIG Viewer Logo

Prisma Cloud Compute must use TCP ports above 1024.


Finding ID Version Rule ID IA Controls Severity
V-253534 CNTR-PC-000500 SV-253534r840440_rule Medium
Privileged ports are ports below 1024 that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing nonprivileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. Prisma Cloud Compute default TCP ports are 8083 (Console UI and API) and 8084 (Console-to-Defender communication). To use TCP ports below 1024, the Console would have to be configured to use privileged ports.
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide 2022-08-24


Check Text ( C-56986r840438_chk )
For Kubernetes deployment:

Query the ports used by the twistlock-console service:
$ kubectl describe svc twistlock-console -n twistlock

If any port number is below 1024, this is a finding.

For Docker deployment:

Determine the name of the Console container:
docker ps|grep console

For example, the Console container is: ad8b41a2fec9

Inspect the container's PortBindings:
docker inspect ad8b41a2fec9|grep PortBindings -A 20

If the port is below 1024, this is a finding.
Fix Text (F-56937r840439_fix)
For Kubernetes deployment:

Edit the deployment.apps/twistlock-console.

Find the - name: TargetPorts below 1024.

Change to port number above 1024.

Save and exit the editing session. The Console will restart automatically.

For Docker deployment:

Modify the twistlock.cfg located in the extracted release tar directory.

Change any port assignment below 1024 to above 1024:

Redeploy the Console using the twistlock.sh script in the extracted release tar directory:
$ sudo ./twisltock.sh -sy onebox