IBM Security QRadar SOAR


Release of v41.1.2013 IBM Security SOAR Python Libraries to PyPi

By Shane Curtin posted Thu July 01, 2021 12:03 PM

We have released v41.1.2013 of our Python Libraries for IBM Security SOAR:

No major changes have been made to the resilient library.

resilient-circuits

  • Increase limit for num_workers config to 500

resilient-sdk

  • Replaced the Original Function template generated with codegen with a new Atomic Function template, which is a condensed version of our Original Function template. It includes comments on best practices.
  • To address a security vulnerability, the Dockerfile codegen template now assigns user 1001 to the non-root group 1001. User 1001 is used to run a container.

resilient-lib

  • Added execute as an alias for 'execute_call_v2'
  • Bug fixes

Potential Security Vulnerability in Custom Dockerfiles

  • Our containers currently run as the non-root user 1001, but because this user is assigned the default root group (gid=0), some executables could grant this user higher privileges than intended
  • For better security, the user should have its own non-root group, such as gid=1001
  • Our images that are hosted on quay.io have been rebuilt with this fix; however, if you have your own custom images, you will need to use the new Dockerfile template that is generated with the resilient-sdk
  • NOTE: From AppHost 1.6 onwards, an image in which resilient-circuits runs with the root group will no longer work. We have changed AppHost so that it only runs executables with a non-root group
  • Option 1: To generate it automatically for an existing App:
    • Rename your Dockerfile to Dockerfile.bak
    • Run:
      • $ resilient-sdk codegen -p <my-package> --reload
    • A new Docker file will be generated and may need to be adjusted to meet your App's needs
  • Option 2: Make the changes to your Dockerfile manually:
    • Edit the Dockerfile of each app by adding:
      • RUN groupadd -g 1001 default && usermod -g 1001 default
    • just before:
      • RUN mkdir /var/log/${PATH_RESILIENT_CIRCUITS} && \
    • and change the group for the log path on this line:
      • chgrp -R 0 /var/log/${PATH_RESILIENT_CIRCUITS} && \
    • to:
      • chgrp -R 1001 /var/log/${PATH_RESILIENT_CIRCUITS} && \
  • See our Git Diff for the changes:
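As an added example (not code from this post or from the resilient-sdk), the following POSIX sh script checks for the condition described above in two places: at runtime, that the identity a container runs as has both a non-zero uid and a non-zero primary gid, and statically, that a Dockerfile no longer carries the pre-fix `chgrp -R 0` or lacks the `usermod -g 1001` line. The `docker run` usage in the header comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the IBM post or the resilient-sdk. Two checks
# for the condition the post describes: the container user must be non-root
# (uid != 0) AND have a non-root primary group (gid != 0, e.g. 1001 not 0).
# Assumed usage of the runtime check against a built image:
#   check_id_line "$(docker run --rm <image> id)" && echo "non-root group OK"

# check_id_line LINE: LINE is `id` output such as
#   uid=1001(default) gid=0(root) groups=0(root)
# Returns 0 when uid and primary gid are both non-zero, 1 when either is 0,
# 2 when the line cannot be parsed.
check_id_line() {
    line=$1
    uid_field=${line%% *}                    # "uid=1001(default)"
    rest=${line#* }                          # "gid=0(root) groups=0(root)"
    gid_field=${rest%% *}                    # "gid=0(root)"
    uid=${uid_field#uid=}; uid=${uid%%(*}    # strip "uid=" and "(name)"
    gid=${gid_field#gid=}; gid=${gid%%(*}    # strip "gid=" and "(name)"
    case $uid in ''|*[!0-9]*) return 2 ;; esac
    case $gid in ''|*[!0-9]*) return 2 ;; esac
    [ "$uid" -ne 0 ] && [ "$gid" -ne 0 ]
}

# dockerfile_uses_root_group CONTENT: static check on Dockerfile text.
# Returns 0 (true) if it still has the pre-fix `chgrp -R 0` on the log path
# or lacks the `usermod -g 1001` that moves the user out of group 0.
dockerfile_uses_root_group() {
    printf '%s\n' "$1" | grep -q 'chgrp -R 0 ' && return 0
    printf '%s\n' "$1" | grep -q 'usermod -g 1001' || return 0
    return 1
}

# Constructed samples: the pre-fix container identity and the fixed one.
BEFORE_FIX='uid=1001(default) gid=0(root) groups=0(root)'
AFTER_FIX='uid=1001(default) gid=1001(default) groups=1001(default)'
for sample in "$BEFORE_FIX" "$AFTER_FIX"; do
    if check_id_line "$sample"; then
        echo "OK      : $sample"
    else
        echo "REJECTED: $sample"
    fi
done
```

Run the static check over your own Dockerfile with `dockerfile_uses_root_group "$(cat Dockerfile)" && echo "still uses root group"`.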