Run Docker with Non-Root Internal Users

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-04-25
Category: Administrator Guide
Solution: Cloud
Abstract

Run Docker containers as non-root internal users, and exclude the containers that do not support non-root internal users.

For additional security isolation, it is recommended to run Docker containers as non-root internal users. This follows the principle of least privilege.

  • Configure the engine to execute containers as non-root internal users.

    1. Edit the Engine Configuration File

    2. Add the following key:

      "docker.run.internal.asuser": true

    3. For containers that do not support non-root internal users, add the following key:

      "docker.run.internal.asuser.ignore": "<comma-separated list of container names>"

      The engine matches container names by prefix: a container is ignored when its name begins with one of the listed values.

      For example, "docker.run.internal.asuser.ignore": "demisto/python3:,demisto/python:"

      The engine matches the key values for the following containers:

      demisto/python:1.3-alpine
      demisto/python:2.7.16.373
      demisto/python3:3.7.3.928
      demisto/python3:3.7.4.977

      End each value with the : character to limit the match to the full repository name of the container. For example, demisto/python: matches demisto/python:2.7.16.373 but does not match demisto/python-deb:2.7.16.373.

    4. Save the changes.

    5. Restart the demisto service on the engine computer.

      sudo systemctl restart d1

      (Ubuntu/DEB) sudo service d1 restart
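The prefix-matching rule for docker.run.internal.asuser.ignore described above, worked through in code. This is an added example, not the engine's own code: the JSON fragment is constructed from the two keys on this page, and the assumption is that the engine ignores a container exactly when its image name starts with one of the comma-separated values. It also shows the caveat the page warns about, a value without a trailing colon spilling over onto demisto/python-deb.

```python
import json

# Constructed sample of the two engine configuration keys on this page
# (illustrative JSON fragment, not a real engine configuration file).
ENGINE_CONFIG_JSON = """
{
  "docker.run.internal.asuser": true,
  "docker.run.internal.asuser.ignore": "demisto/python3:,demisto/python:"
}
"""


def parse_ignore_list(config: dict) -> list:
    """Split the comma-separated ignore value into clean, non-empty prefixes."""
    raw = config.get("docker.run.internal.asuser.ignore", "")
    return [p.strip() for p in raw.split(",") if p.strip()]


def is_ignored(image: str, prefixes: list) -> bool:
    """Plain prefix match (assumed engine behaviour). A value that ends in ':'
    can only match the full repository name, so 'demisto/python:' does not
    match 'demisto/python-deb:2.7.16.373'."""
    return any(image.startswith(p) for p in prefixes)


def runs_as_non_root(image: str, config: dict) -> bool:
    """Hypothetical decision: True when the container would run as a non-root
    internal user, False when the feature is off or the image is ignored."""
    if not config.get("docker.run.internal.asuser", False):
        return False
    return not is_ignored(image, parse_ignore_list(config))


def check_images(images, config_json=ENGINE_CONFIG_JSON) -> dict:
    """Map each image name to its non-root decision under the given config."""
    config = json.loads(config_json)
    return {img: runs_as_non_root(img, config) for img in images}


if __name__ == "__main__":
    sample = ["demisto/python:2.7.16.373", "demisto/python3:3.7.3.928",
              "demisto/python-deb:2.7.16.373"]
    for img, non_root in check_images(sample).items():
        print(f"{img}: {'non-root' if non_root else 'root (ignored)'}")
```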