Docker Enterprise daemon.json file permissions must be set to 644 or more restrictive.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-235868	DKER-EE-005340	SV-235868r627731_rule		High

Description
Verify that the daemon.json file permissions are correctly set to 644 or more restrictive. daemon.json file contains sensitive parameters that may alter the behavior of docker daemon. Hence, it should be writable only by root to maintain the integrity of the file. This file may not be present on the system. In that case, this recommendation is not applicable.

STIG	Date
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide	2021-03-26

Details

Check Text ( C-39087r627729_chk )
The docker.daemon file is not created on installation and must be created. Ensure that daemon.json file permissions are set to 644 or more restrictive. Execute the below command to verify that the file permissions are correctly set to 644 or more restrictive: stat -c %a /etc/docker/daemon.json If the permissions are not set to 644 or a more restrictive setting, this is a finding. If the permissions are not set to 644, this is a finding.

Check Text ( C-39087r627729_chk )

The docker.daemon file is not created on installation and must be created. Ensure that daemon.json file permissions are set to 644 or more restrictive.

Execute the below command to verify that the file permissions are correctly set to 644 or more restrictive:

stat -c %a /etc/docker/daemon.json

If the permissions are not set to 644 or a more restrictive setting, this is a finding.

If the permissions are not set to 644, this is a finding.

Fix Text (F-39050r627730_fix)
If docker.daemon does not exist, create the file and set the file permissions for this file to 644. Run the following command; chmod 644 /etc/docker/daemon.json