Examples of configured runtime profiles

Support

Support for business applications

Kaspersky Container Security

Managing container runtime profiles

Examples of configured runtime profiles

March 27, 2024

ID 265052

The table below presents a few of the images that are most frequently used by the application, and the settings for their configured restrictions in runtime profiles.

Images and their configured settings

Image name	Restrict container executable modules	Restrict network connections
Nginx	Allowed executable file: `/usr/sbin/nginx`	Block outbound connections
Mysql	Allowed executable files: `/usr/bin/awk` `/bin/sleep` `/usr/bin/mawk` `/bin/mkdir` `/usr/bin/mysql` `/bin/chown` `/usr/bin/mysql_tzinfo_to_sql` `/bin/bash` `/bin/sed` `/usr/sbin/mysqld`	Block outbound connections
Wordpress	Allowed executable files: `/bin/dash` `/usr/bin/mawk` `/usr/bin/cut` `/bin/bash` `/usr/local/bin/php` `/usr/bin/head` `/usr/bin/sha1sum` `/bin/tar` `/bin/sed` `/bin/rm` `/usr/bin/awk` `/bin/sh` `/usr/sbin/apache2` `/bin/chown` `/usr/local/bin/apache2-foreground` `/bin/ls` `/bin/cat`
Node	Allowed executable file: `/usr/local/bin/node`	Block outbound connections
MongoDB	Allowed executable files: `/bin/chown` `/usr/local/bin/gosu` `/usr/bin/mongod` `/usr/bin/mongos` `/usr/bin/mongo` `/usr/bin/id` `/bin/bash` `/usr/bin/numactl` `/bin/dash` `/bin/sh`
HAProxy	Allowed executable files: `/bin/dash` `/usr/bin/which` `/usr/local/sbin/haproxy` `/bin/busyboxal/sbin/haproxy-systemd-wrapper` `/usr/loc`
Hipache	Allowed executable files: `/usr/bin/python2.7` `/usr/bin/nodejs` `/usr/bin/redis-server` `/bin/dash` `/usr/local/bin/hipache`
Drupal	Allowed executable files: `/bin/bash` `/bin/rm` `/usr/sbin/apache2`
Redis	Allowed executable files: `/bin/bash` `/bin/chown` `/usr/local/bin/gosu` `/usr/bin/id` `/usr/local/bin/redis-server` `/bin/sh` `/bin/dash` `/sbin/redis-cli` `/bin/redis-cli` `/usr/sbin/redis-cli` `/usr/bin/redis-cli` `/usr/local/sbin/redis-cli` `/usr/local/bin/redis-cli` `/bin/busybox`	Block outbound connections
Tomcat	Allowed executable files: `/usr/bin/tty` `/bin/uname` `/usr/bin/dirname` `/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java` `/bin/dash` `/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java`	Block outbound connections
Celery	Allowed executable files: `/bin/dash` `/sbin/ldconfig` `/bin/uname` `/usr/local/bin/python3.4` `/bin/sh`

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.