Run Docker with non-root internal users, and handle containers that do not support non-root internal users.
For additional security isolation, we recommend running Docker containers as non-root internal users, so that code executing inside a container does not hold root privileges within it. This follows the principle of least privilege.
Configure the Cortex XSOAR Server to execute containers as non-root internal users.
Select → → → and add the following server configuration:
Key: docker.run.internal.asuser
Value: true
Click Save.
Reset the running containers using one of the following methods:
From the Cortex XSOAR CLI, run the /reset_containers command.
Alternatively, restart the Cortex XSOAR Server.
From the Cortex XSOAR CLI, run the following command to check whether the container is running as a non-root internal user:
!py script="import os;print(os.getuid())"
If the server configuration was added successfully and the container is running as a non-root internal user, the output is a non-zero UID.
If the server configuration was not applied correctly and the container is still running as the internal root user, the output is 0.
For containers that do not support non-root internal users
Select → → → and add the following server configuration:
Key: docker.run.internal.asuser.ignore
Value: A CSV list of container image names. The Cortex XSOAR server matches container image names by prefix: an image is excluded from the non-root setting when its name starts with one of the listed values.
For example, with
docker.run.internal.asuser.ignore=demisto/python3:,demisto/python:
the Cortex XSOAR server matches the following containers:
demisto/python:1.3-alpine
demisto/python:2.7.16.373
demisto/python3:3.7.3.928
demisto/python3:3.7.4.977
End each value with the : character to limit the match to the full image name. For example, the prefix demisto/python: does not match demisto/python-deb:2.7.16.373, whereas the bare prefix demisto/python (without the colon) would also match it and silently keep that image running as root.
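The following is an added example, not code from Cortex XSOAR or its documentation. It models the prefix-matching semantics described above for docker.run.internal.asuser.ignore (assumed here to be a plain string-prefix comparison against the image name, as the page describes), runs it over a constructed list of image names taken from the page's example plus the demisto/python-deb image that must not match, flags un-anchored prefixes, and wraps the os.getuid() check that the !py command performs. Function names and the empty-prefix handling are this example's own choices, not server behaviour.

```python
# Added example (not Cortex XSOAR's own code): models the prefix matching the
# page describes for docker.run.internal.asuser.ignore, and the UID check.
from __future__ import annotations

import os

# Constructed sample: the page's four example images plus the python-deb image
# that a ':'-terminated prefix must NOT match.
SAMPLE_IMAGES = [
    "demisto/python:1.3-alpine",
    "demisto/python:2.7.16.373",
    "demisto/python3:3.7.3.928",
    "demisto/python3:3.7.4.977",
    "demisto/python-deb:2.7.16.373",
]


def parse_ignore_list(value: str) -> list[str]:
    """Split the CSV key value into prefixes. Blank entries are dropped because
    "".startswith("") is True, so a stray trailing comma would otherwise act as
    a prefix that keeps every container running as root."""
    return [p.strip() for p in value.split(",") if p.strip()]


def is_ignored(image: str, ignore_value: str) -> bool:
    """True when the image name starts with any configured prefix
    (assumed semantics: plain string-prefix match)."""
    return any(image.startswith(prefix) for prefix in parse_ignore_list(ignore_value))


def partition(images: list[str], ignore_value: str) -> tuple[list[str], list[str]]:
    """Split images into (kept_as_root, run_as_non_root) for review."""
    as_root = [i for i in images if is_ignored(i, ignore_value)]
    as_user = [i for i in images if not is_ignored(i, ignore_value)]
    return as_root, as_user


def check_prefix_is_anchored(prefix: str) -> bool:
    """Lint: a prefix that does not end in ':' can over-match (demisto/python
    also matches demisto/python-deb), so flag it before saving the setting."""
    return prefix.endswith(":")


def running_as_non_root() -> bool:
    """The check the page runs via !py: a non-zero UID means non-root.
    os.getuid is Unix-only; if it is absent we cannot tell, so report False."""
    getuid = getattr(os, "getuid", None)
    return getuid is not None and getuid() != 0


if __name__ == "__main__":
    setting = "demisto/python3:,demisto/python:"
    as_root, as_user = partition(SAMPLE_IMAGES, setting)
    print("kept as root :", as_root)
    print("non-root     :", as_user)
    # Show what happens with an un-anchored prefix.
    for prefix in parse_ignore_list("demisto/python"):
        if not check_prefix_is_anchored(prefix):
            over = [i for i in SAMPLE_IMAGES if i.startswith(prefix)]
            print(f"warning: prefix {prefix!r} is not ':'-terminated; it matches {over}")
    print("this process is non-root:", running_as_non_root())
```

Run the script inside the container via !py (or locally) to see the partition; running_as_non_root() is the same test as the page's os.getuid() command, just returned as a boolean rather than printed.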