3.8 Verify that registry certificate file permissions are set to 444 or more restrictive

Information

Verify that all the registry certificate files (usually found under/etc/docker/certs.d/<registry-name>directory) have permissions of '444'or more restrictive.

Rationale:

/etc/docker/certs.d/<registry-name>directory contains Docker registry certificates. These certificate files must have permissions of '444'to maintain the integrity of the certificates.

Solution

chmod 444 /etc/docker/certs.d/<registry-name>/*



This would set the permissions for registry certificate files to '444'.

Impact:

None.

Default Value:

By default, the permissions for registry certificate files might not be '444'. The default file permissions are governed by the system or user specific umask values.

See Also

https://workbench.cisecurity.org/files/1476

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 35120aa5aa7a677483ac5770b97bc45dba5ac14b35fe828538e1a8ce1da22632