Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Docker Enterprise registry certificate file ownership must be set to root:root.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-95751 | DKER-EE-005230 | SV-104889r1_rule | High |
| Description |
|---|
| Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates. By default, the ownership and group-ownership for registry certificate files is correctly set to root. |
| STIG | Date |
|---|---|
| Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2019-09-13 |
Details
| Check Text ( C-94581r1_chk ) |
|---|
| Ensure that registry certificate file ownership is set to root:root. Execute the below command to verify that the registry certificate files are owned and group-owned by root: stat -c %U:%G /etc/docker/certs.d/* If the certificate files are not owned by root, this is a finding. |
| Fix Text (F-101419r1_fix) |
|---|
| Set the ownership and group-ownership for the registry certificate files to root. Run the following command: chown root:root /etc/docker/certs.d/ |