Run Docker with Non-Root Internal Users - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-02-14
Last date published
2024-06-20
Category
Administrator Guide
Solution
Cloud
Abstract

Run Docker with non-root internal users and for containers that do not support non-root internal users.

For additional security isolation, it is recommended to run Docker containers as non-root internal users. This follows the principle of least privilege.

  • Configure the engine to execute containers as non-root internal users.

    1. Edit the Engine Configuration File

    2. Add the following key:

      "docker.run.internal.asuser": true

    3. For containers that do not support non-root internal users, add the following key:

      "docker.run.internal.asuser.ignore" : "A comma separated list of container names. The engine matches the container names according to the prefixes of the key values>"

      For example, "docker.run.internal.asuser.ignore"="demisto/python3:","demisto/python:"

      The engine matches the key values for the following containers:

      demisto/python:1.3-alpine
      demisto/python:2.7.16.373
      demisto/python3:3.7.3.928
      demisto/python3:3.7.4.977

      The : character should be used to limit the match to the full name of the container. For example, using the : character does not find demisto/python-deb:2.7.16.373.

    4. Save the changes.

    5. Restart the demisto service on the engine computer.

      sudo systemctl start d1

      (Ubuntu/DEB) sudo service d1 restart