
Docker Enterprise registry certificate file ownership must be set to root:root.


Overview

Finding ID: V-95751
Version: DKER-EE-005230
Rule ID: SV-104889r1_rule
IA Controls:
Severity: High
Description
Verify that all the registry certificate files (usually found under the /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. The /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates. By default, the ownership and group-ownership of registry certificate files are correctly set to root.
STIG: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
Date: 2019-09-13

Details

Check Text (C-94581r1_chk)
Ensure that registry certificate file ownership is set to root:root.

Execute the below command to verify that the registry certificate files are owned and group-owned by root:

stat -c %U:%G /etc/docker/certs.d/*

If the certificate files are not owned by root, this is a finding.
Fix Text (F-101419r1_fix)
Set the ownership and group-ownership for the registry certificate files to root.

Run the following command:
chown root:root /etc/docker/certs.d/<registry-name>/*
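
The check above, as an added example that is not part of the STIG text: a shell function that descends into every registry directory under /etc/docker/certs.d and lists each directory or file whose owner:group is not root:root, which goes one level deeper than the stat command in the check text. The function name audit_cert_ownership and its arguments are hypothetical, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: audit ownership of Docker registry certificate files.
# audit_cert_ownership is a hypothetical helper, not part of Docker or the STIG.
#
# Usage: audit_cert_ownership [certs_dir] [expected_owner:group]
# Prints "owner:group path" for every non-compliant entry.
# Returns 0 when compliant, 1 when there is a finding, 2 when the directory
# does not exist (nothing to audit on this host).
audit_cert_ownership() {
    certs_dir="${1:-/etc/docker/certs.d}"
    expected="${2:-root:root}"

    if [ ! -d "$certs_dir" ]; then
        echo "directory not found: $certs_dir" >&2
        return 2
    fi

    # Walk each <registry-name> directory and the certificate files in it.
    # stat prints "owner:group path"; awk keeps lines whose first field
    # differs from the expected owner:group.
    findings=$(find "$certs_dir" -mindepth 1 \( -type f -o -type d \) \
        -exec stat -c '%U:%G %n' {} + | awk -v want="$expected" '$1 != want')

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Called with no arguments as root, the function audits /etc/docker/certs.d against root:root; a non-zero return with output corresponds to a finding under this rule.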