
V-253536

CAT II (Medium)

Prisma Cloud Compute Console must run as nonroot user (uid 2674).

Rule ID

SV-253536r1051115_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000764

Discussion

Containers not requiring root-level permissions must run as a unique user account. To ensure accountability and prevent unauthenticated access to containers, the user the container is using to execute must be uniquely identified and authenticated to prevent potential misuse and compromise of the system.

Check Content

Locate the node in which the Prisma Cloud Compute Console container is running. 

Determine the process owner for "app/server".

Execute: ps -aux | grep "/app/server"

If the process is owned by root, this is a finding.
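The check above, scripted as an added example that is not part of the STIG text: a POSIX shell function reads `ps -aux` output on stdin, isolates the owner of /app/server (ignoring the grep process itself) and exits 1 when the owner is root. The function names, the exit-code mapping and the sample ps lines are my own constructed conventions, not Prisma Cloud or DISA tooling.

```shell
#!/bin/sh
# Added example: evaluate STIG V-253536 against `ps -aux` output.
# Live use on the Console node:  ps -aux | v253536_check
# Offline review of saved output: v253536_check < saved_ps.txt

# Print the USER column for every /app/server process (grep itself excluded).
console_owners() {
  awk 'NR > 1 && index($0, "/app/server") && !index($0, "grep") { print $1 }'
}

# Exit status (hypothetical convention, not from the STIG):
#   0 = /app/server is not owned by root (not a finding)
#   1 = at least one /app/server process is owned by root (finding)
#   2 = no /app/server process found (run this on the Console node)
v253536_check() {
  owners=$(console_owners)
  if [ -z "$owners" ]; then
    echo "NOT_REVIEWED: /app/server is not running on this node"
    return 2
  fi
  for o in $owners; do
    if [ "$o" = "root" ]; then
      echo "OPEN: /app/server is owned by root"
      return 1
    fi
  done
  echo "NOT_A_FINDING: /app/server is owned by $owners"
  return 0
}

# Constructed sample `ps -aux` output. uid 2674 has no passwd entry in the
# container, so ps prints the numeric uid in the USER column.
SAMPLE_ROOT='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1024 512 ? Ss 10:00 0:00 /sbin/init
root 1337 1.2 5.0 900000 400000 ? Ssl 10:01 1:23 /app/server'
SAMPLE_OK='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1024 512 ? Ss 10:00 0:00 /sbin/init
2674 4242 1.2 5.0 900000 400000 ? Ssl 10:01 1:23 /app/server
root 5555 0.0 0.0 6000 900 pts/0 S+ 10:05 0:00 grep /app/server'

# Demo run over the constructed samples: first reports OPEN, second NOT_A_FINDING.
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_ROOT" | v253536_check
  printf '%s\n' "$SAMPLE_OK" | v253536_check
fi
```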

Fix Text

In the root directory of the extracted release tar file, modify the twistlock.cfg file's line:
RUN_CONSOLE_AS_ROOT=false

For a Kubernetes deployment, perform these additional steps:

When generating the twistlock_console.yaml deployment file, supply the --run-as-user flag.

Linux/twistcli console export kubernetes --service-type ClusterIP --run-as-user 2674

Modify the resulting twistlock_console.yaml file to include fsGroup: 2674 within the Deployment pod specification's securityContext:

securityContext:
  fsGroup: 2674

Add runAsGroup: 2674 to the container specification's securityContext:

securityContext:
  runAsUser: 2674
  runAsGroup: 2674