Scan results for 21.04.412
OpenSCAP and vulnerability scan report:
- Prisma Cloud Compute release: 21.04 (21.04.412)
- Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.3-291
- Benchmark URL: scap-security-guide-0.1.54/ssg-rhel8-ds.xml
- Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
- Profile ID: xccdf_org.ssgproject.content_profile_stig
- Compared to IronBank’s UBI8-minimal, Version 8.3 - Conditionally Approved, Build Date: 2021-04-28T14:08:19.203Z
twistlock/private:console_21_04_412
Findings for Prisma Cloud Compute Console.
Note: There is a large discrepancy in the OpenSCAP findings for this release due to the late addition of the systemd-pam package.
These "Protect Accounts by Configuring PAM" findings will be corrected in the next release update.
There is no interactive console session with the container and these settings are not implemented.
OpenSCAP report
You can find the report here.
Rule_ID | Compute finding | IronBank finding | Justification |
|---|---|---|---|
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy | Pass | Fail | /etc/pki/tls/openssl.cnf configured according to check |
xccdf_org.ssgproject.content_rule_banner_etc_issue | Fail | Pass | Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_enforce_local | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_difok | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_disable_users_coredumps | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
twistlock/private:defender_21_04_412
Findings for Prisma Cloud Compute Defender.
OpenSCAP report
You can find the report here.
Rule_ID | Compute finding | IronBank finding | Justification |
|---|---|---|---|
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy | Pass | Fail | /etc/pki/tls/openssl.cnf configured according to check |
xccdf_org.ssgproject.content_rule_banner_etc_issue | Fail | Pass | Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_enforce_local | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_difok | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_disable_users_coredumps | Fail | notapplicable | To be corrected in the next release update. There is no interactive console session with the container. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
