Docker Enterprise registry certificate file ownership must be set to root:root.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-235857 | DKER-EE-005230 | SV-235857r627698_rule | High |
| Description |
|---|
| Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates. By default, the ownership and group-ownership for registry certificate files is correctly set to root. |
| STIG | Date |
|---|---|
| Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2021-03-26 |
Details
| Check Text ( C-39076r627696_chk ) |
|---|
| Ensure that registry certificate file ownership is set to root:root. Execute the below command to verify that the registry certificate files are owned and group-owned by root: stat -c %U:%G /etc/docker/certs.d/* If the certificate files are not owned by root, this is a finding. |
| Fix Text (F-39039r627697_fix) |
|---|
| Set the ownership and group-ownership for the registry certificate files to root. Run the following command: chown root:root /etc/docker/certs.d/ |