Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-95771 | DKER-EE-005330 | SV-104909r1_rule | High |
Description |
---|
Verify that the daemon.json file ownership and group-ownership is correctly set to root. daemon.json file contains sensitive parameters that may alter the behavior of docker daemon. Hence, it should be owned and group-owned by root to maintain the integrity of the file. This file may not be present on the system. In that case, this recommendation is not applicable. |
STIG | Date |
---|---|
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2019-09-13 |
Check Text ( C-94601r1_chk ) |
---|
The docker.daemon file is not created on installation and must be created. Ensure that daemon.json file ownership is set to root:root. Execute the below command to verify that the file is owned and group-owned by root: stat -c %U:%G /etc/docker/daemon.json If the docker.daemon file doesn't exist or if the file permissions are not set to root:root, this is a finding. |
Fix Text (F-101439r1_fix) |
---|
If docker.daemon does not exist, create the file and set the ownership and group-ownership for the file to root. Run the following command: chown root:root /etc/docker/daemon.json |