3.7 Verify that registry certificate file ownership is set to root:root

Information

Verify that all the registry certificate files (usually found under/etc/docker/certs.d/<registry-name>directory) are owned and group-owned by 'root'.

Rationale:

/etc/docker/certs.d/<registry-name>directory contains Docker registry certificates. These certificate files must be owned and group-owned by 'root' to maintain the integrity of the certificates.

Solution

chown root:root /etc/docker/certs.d/<registry-name>/*



This would set the ownership and group-ownership for the registry certificate files to 'root'.

Impact:

None.

Default Value:

By default, the ownership and group-ownership for registry certificate files is correctly set to 'root'.

See Also

https://workbench.cisecurity.org/files/1476

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 35fac0700aa2e5b7fc2925573827c592db1da36d0cd12eda64d3e6780b76a967