3.6 Verify that docker.socket file permissions are set to 644 or more restrictive

Information

If you are using Docker on a machine that uses systemd to manage services, then verify that
the 'docker.socket' file permissions are correctly set to '644' or more restrictive.

'docker.socket' file contains sensitive parameters that may alter the behavior of Docker
remote API. Hence, it should be writable only by 'root' to maintain the integrity of the file.

Solution

#> chmod 644 /usr/lib/systemd/system/docker.socket
This would set the file permissions for this file to '644'.

Impact-None.

Default Value-This file may not be present on the system. In that case, this recommendation is not
applicable. By default, if the file is present, the file permissions for this file are correctly set
to '644'.

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: 98c600172746f3c06f36acd93d0dee8ebd75a5cc07a73b294e27b5d7f324ae23