Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235857 | DKER-EE-005230 | SV-235857r627698_rule | High |
Description |
---|
Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates. By default, the ownership and group-ownership for registry certificate files is correctly set to root. |
STIG | Date |
---|---|
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2021-03-26 |
Check Text ( C-39076r627696_chk ) |
---|
Ensure that registry certificate file ownership is set to root:root. Execute the below command to verify that the registry certificate files are owned and group-owned by root: stat -c %U:%G /etc/docker/certs.d/* If the certificate files are not owned by root, this is a finding. |
Fix Text (F-39039r627697_fix) |
---|
Set the ownership and group-ownership for the registry certificate files to root. Run the following command: chown root:root /etc/docker/certs.d/ |