Scan results for 22.06.224
OpenSCAP and vulnerability scan report:
- Prisma Cloud Compute release: 22.06 Update3 (22.06.224)
- Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.6
- Benchmark URL: scap-security-guide-0.1.64/ssg-rhel8-ds-1.2.xml
- Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
- Profile ID: xccdf_org.ssgproject.content_profile_stig
- Compared to IronBank’s UBI8-minimal, Version 8.7, Build Date: 2022-11-10T23:22:18.221Z
twistlock/private:console_22_06_224
Findings for Prisma Cloud Compute Console.
OpenSCAP report
You can find the OpenSCAP report here
Rule_ID | Compute finding | IronBank finding | Justification |
|---|---|---|---|
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy | Fail | Pass | ssh service is not running, ae256 and 128 configured. |
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy | Fail | Pass | ssh service is not running. |
xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy | Fail | Pass | ssh service is not running. |
xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy | Fail | Pass | ssh service is not running. |
xccdf_org.ssgproject.content_rule_accounts_authorized_local_users | Fail | Pass | local accounts include: twistlock = non-root account for service, mongod = mongoDB database & saslauth = authentication libraries. Application is a non-interactive container. There is no interactive console session with the container. |
oval:ssg-accounts_umask_etc_csh_cshrc:def:1 | Fail | Pass | Umask 027. Application is a non-interactive container. There is no interactive console session with the container. |
oval:ssg-accounts_umask_etc_profile:def:1 | Fail | Pass | Umask 027. Application is a non-interactive container. There is no interactive console session with the container. |
oval:ssg-accounts_umask_etc_bashrc:def:1 | Fail | Pass | Umask 027. Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_configure_crypto_policy | Fail | Pass | FIPS 140-2 Level1 validation / enforcement will be available in the next major release. |
xccdf_org.ssgproject.content_rule_configure_gnutls_tls_crypto_policy | Fail | Pass | Only GoLang TLS cipher suites are implemented. |
Vulnerabilities full report
You can find the full vulnerabilities report here.
CVE | Package | Version | Fix Status | Justification |
|---|---|---|---|---|
CVE-2022-36085 | github.com/open-policy-agent/opa | v0.42.1 | fixed in v0.43.1 | To be patched in the next release. |
CVE-2016-3709 | libxml2 | 2.9.7-13.el8_6.1 | fixed in 2.9.7-15.el8 | To be patched in the next release. |
CVE-2022-1304 | libcom_err | 1.45.6-4.el8 | fixed in 1.45.6-5.el8 | To be patched in the next release. |
twistlock/private:defender_22_06_224
Findings for Prisma Cloud Compute Defender.
OpenSCAP report
You can find the OpenSCAP report here.
Rule_ID | Compute finding | IronBank finding | Justification |
|---|---|---|---|
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy | Fail | Pass | ssh service is not running, ae256 and 128 configured. |
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy | Fail | Pass | ssh service is not running. |
xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy | Fail | Pass | ssh service is not running. |
xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy | Fail | Pass | ssh service is not running. |
oval:ssg-accounts_umask_etc_csh_cshrc:def:1 | Fail | Pass | Umask 027. Application is a non-interactive container. There is no interactive console session with the container. |
oval:ssg-accounts_umask_etc_profile:def:1 | Fail | Pass | Umask 027. Application is a non-interactive container. There is no interactive console session with the container. |
oval:ssg-accounts_umask_etc_bashrc:def:1 | Fail | Pass | Umask 027. Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_configure_crypto_policy | Fail | Pass | FIPS 140-2 Level1 validation / enforcement will be available in the next major release. |
xccdf_org.ssgproject.content_rule_configure_gnutls_tls_crypto_policy | Fail | Pass | Only GoLang TLS cipher suites are implemented. |
Vulnerabilities full report
You can find the full vulnerabilities report here.
CVE | Package | Version | Fix Status | Justification |
|---|---|---|---|---|
CVE-2022-36085 | github.com/open-policy-agent/opa | v0.42.1 | fixed in v0.43.1 | To be patched in the next release. |
CVE-2016-3709 | libxml2 | 2.9.7-13.el8_6.1 | fixed in 2.9.7-15.el8 | To be patched in the next release. |
CVE-2022-1304 | libcom_err | 1.45.6-4.el8 | fixed in 1.45.6-5.el8 | To be patched in the next release. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
