Run Docker with Non-Root Internal Users
Run Docker with non-root internal users and for containers
that do not support non-root internal users. Cortex XSOAR. Docker
security. Docker hardening.
For additional security isolation, we recommend
running Docker containers as non-root internal users. This follows
the principle of least privilege.
- Configure Cortex XSOAR Server to execute containers as non-root internal users.
- Select .
- Add the following:KeyValuedocker.run.internal.asusertrue
- ClickSave.
- Reset the running containers using one of the following methods:From the Cortex XSOAR CLI, type/reset_containerscommand.Alternatively, restart the Cortex XSOAR Server.
- From the Cortex XSOAR CLI, type the following command to check if the container is running as a non-root internal user:!py script="import os;print(os.getuid())"If the server configuration was added successfully and the container is running with a non-root internal user, the output is a non-zero UID.
If the server configuration was not configured correctly and the container is running with an internal root user, the output is0.
- For containers that do not support non-root internal users.
- Select .
- Add the following:KeyValuedocker.run.internal.asuser.ignoreA CSV list of container names. The Cortex XSOAR server matches the container names according to the prefixes of the key values.For example,docker.run.internal.asuser.ignore=demisto/python3:,demisto/python:The Cortex XSOAR server matches the key values for the following containers:demisto/python:1.3-alpinedemisto/python:2.7.16.373demisto/python3:3.7.3.928demisto/python3:3.7.4.977The:character should be used to limit the match to the full name of the container. For example, using the:character does not finddemisto/python-deb:2.7.16.373.
