UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Prisma Cloud Compute Defender containers must run as root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-253546 CNTR-PC-001350 SV-253546r840476_rule Medium
Description
In certain situations, the nature of the vulnerability scanning may be more intrusive, or the container platform component that is the subject of the scanning may contain highly sensitive information. To protect the sensitive nature of such scanning, Prisma Cloud Compute Defenders perform the vulnerability scanning function. The Defender container must run as root and not privileged.
STIG Date
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide 2022-08-24

Details

Check Text ( C-56998r840474_chk )
Verify that when deploying the Defender via daemonSet, "Run Defenders as privileged" is set to "On".

Verify the Defender containers were deployed using the daemonSet.yaml in which the securityContext is privileged.

If "Run Defenders as privileged" is not set to "On" or the Defender containers were not deployed using the daemonSet.yaml in which the securityContext - privileged = "on", this is a finding.
Fix Text (F-56949r840475_fix)
Redeploy the Defender with appropriate rights by setting Run Defenders as privileged = off.

Delete old twistlock-defender-ds daemonSet and redeploy daemonSet with the new yaml.