3.7 Verify that registry certificate file ownership is set to root:root

Information

Verify that all the registry certificate files (usually found under/etc/docker/certs.d/<registry-name>directory) are owned and group-owned by 'root'./etc/docker/certs.d/<registry-name>directory contains Docker registry certificates. These certificate files must be owned and group-owned by 'root' to maintain the integrity of the certificates.

Solution

chown root:root /etc/docker/certs.d/<registry-name>/*This would set the ownership and group-ownership for the registry certificate files to 'root'.
Impact-
None.
Default Value-
By default, the ownership and group-ownership for registry certificate files is correctly set to 'root'.

See Also

https://workbench.cisecurity.org/files/516

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: b0baf6778d88dd3d8561b7602c29463aecb0a3ad6692f76236e9557d4764ef9c