The container platform runtime must enforce the use of ports that are non-privileged.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-233074 | SRG-APP-000142 | SRG-APP-000142-CTR-000330 | SV-233074r1043177_rule | 2024-12-05 | 2 |
| Description |
|---|
| Privileged ports are those ports below 1024 and that require system privileges for their use. If containers are able to use these ports, the container must be run as a privileged user. The container platform must stop containers that try to map to these ports directly. Allowing non-privileged ports to be mapped to the container-privileged port is the allowable method when a certain port is needed. An example is mapping port 8080 externally to port 80 in the container. |
| ℹ️ Check |
|---|
| Review the container platform configuration and the containers within the platform by performing the following checks: 1. Verify the container platform is configured to disallow the use of privileged ports by containers. 2. Validate all containers within the container platform are using non-privileged ports. 3. Attempt to instantiate a container image that uses a privileged port. If the container platform is not configured to disallow the use of privileged ports, this is a finding. If the container platform has containers using privileged ports, this is a finding. If the container platform allows containers to be instantiated that use privileged ports, this is a finding. |
| ✔️ Fix |
|---|
| Configure the container platform to disallow the use of privileged ports by containers. Move any containers that are using privileged ports to non-privileged ports. |