Scan results for 22.12.415

OpenSCAP and vulnerability scan report:
  • Prisma Cloud Compute release: 22.12 (22.12.415)
  • Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.7
  • Benchmark URL: scap-security-guide-0.1.62/ssg-rhel8-ds.xml
  • Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
  • Profile ID: xccdf_org.ssgproject.content_profile_stig
  • Compared to IronBank’s UBI8-minimal, Version 8.7, Build Date: 2022-12-11

twistlock/private:console_22_12_415

Findings for Prisma Cloud Compute Console.

OpenSCAP report

You can find the OpenSCAP report here
Rule_ID
Compute finding
IronBank finding
Justification
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy
Fail
Pass
ssh service is not running, ae256 and 128 configured.
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy
Fail
Pass
ssh service is not running.
xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
Fail
Pass
ssh service is not running.
xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy
Fail
Pass
ssh service is not running.
xccdf_org.ssgproject.content_rule_accounts_authorized_local_users
Fail
Pass
local accounts include: twistlock = non-root account for service, mongod = mongoDB database & saslauth = authentication libraries. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_csh_cshrc:def:1
Fail
Pass
Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_profile:def:1
Fail
Pass
Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_bashrc:def:1
Fail
Pass
Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_configure_crypto_policy
Fail
Pass
FIPS 140-2 Level1 validation / enforcement is available
xccdf_org.ssgproject.content_rule_configure_gnutls_tls_crypto_policy
Fail
Pass
Only GoLang TLS cipher suites are implemented.

Vulnerabilities full report

You can find the full vulnerabilities report here.
CVE
Package
Version
Fix Status
Justification
CVE-2022-23471
github.com/containerd/containerd
v1.6.8
Fixed in: 1.6.12, 1.5.16
To be patched in next update
CVE-2022-23471
Go
1.19.3
Fixed in: 1.19.4, 1.18.9
To be patched in next update

twistlock/private:defender_22_12_415

Findings for Prisma Cloud Compute Defender.

OpenSCAP report

You can find the OpenSCAP report here.
Rule_ID
Compute finding
IronBank finding
Justification
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy
Fail
Pass
ssh service is not running, ae256 and 128 configured.
xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy
Fail
Pass
ssh service is not running.
xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
Fail
Pass
ssh service is not running.
xccdf_org.ssgproject.content_rule_harden_sshd_macs_opensshserver_conf_crypto_policy
Fail
Pass
ssh service is not running.
oval:ssg-accounts_umask_etc_csh_cshrc:def:1
Fail
Pass
Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_profile:def:1
Fail
Pass
Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
oval:ssg-accounts_umask_etc_bashrc:def:1
Fail
Pass
Umask 027. Application is a non-interactive container. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_configure_crypto_policy
Fail
Pass
FIPS 140-2 Level1 validation / enforcement is available.
xccdf_org.ssgproject.content_rule_configure_gnutls_tls_crypto_policy
Fail
Pass
Only GoLang TLS cipher suites are implemented.

Vulnerabilities full report

You can find the full vulnerabilities report here.
CVE
Package
Version
Fix Status
Justification
CVE-2022-23471
github.com/containerd/containerd
v1.6.8
Fixed in: 1.6.12, 1.5.16
To be patched in next update
CVE-2022-23471
Go
1.19.3
Fixed in: 1.19.4, 1.18.9
To be patched in next update

Recommended For You