Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Docker Enterprise daemon.json file ownership must be set to root:root.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-95771 | DKER-EE-005330 | SV-104909r1_rule | High |
| Description |
|---|
| Verify that the daemon.json file ownership and group-ownership is correctly set to root. daemon.json file contains sensitive parameters that may alter the behavior of docker daemon. Hence, it should be owned and group-owned by root to maintain the integrity of the file. This file may not be present on the system. In that case, this recommendation is not applicable. |
| STIG | Date |
|---|---|
| Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2019-09-13 |
Details
| Check Text ( C-94601r1_chk ) |
|---|
| The docker.daemon file is not created on installation and must be created. Ensure that daemon.json file ownership is set to root:root. Execute the below command to verify that the file is owned and group-owned by root: stat -c %U:%G /etc/docker/daemon.json If the docker.daemon file doesn't exist or if the file permissions are not set to root:root, this is a finding. |
| Fix Text (F-101439r1_fix) |
|---|
| If docker.daemon does not exist, create the file and set the ownership and group-ownership for the file to root. Run the following command: chown root:root /etc/docker/daemon.json |