3.11 Verify that Docker server certificate file ownership is set to root:root

Information

Verify that the Docker server certificate file (the file that is passed alongwith '--tlscert'parameter) is owned and group-owned by 'root'.

Rationale:

The Docker server certificate file should be protected from any tampering. It is used to authenticate Docker server based on the given server certificate. Hence, itmust be owned and group-owned by 'root' to maintain the integrity of the certificate.

Solution

chown root:root <path to Docker server certificate file>



This would set the ownership and group-ownership for the Docker server certificate file to 'root'.

Impact:

None.

Default Value:

By default, the ownership and group-ownership for Docker server certificate file is correctly set to 'root'.

See Also

https://workbench.cisecurity.org/files/1476

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 20e0f67b3fc10675913ea32ca2b067f539a0bdc367442a07386033e8f651fbe6