3.18 Verify that registry certificate file permissions are set to 444 or more restrictive

Information

Verify that all the registry certificate files (usually found
under /etc/docker/certs.d/<registry-name> directory) have permissions of '444' or
more restrictive.

/etc/docker/certs.d/<registry-name> directory contains Docker registry certificates.
These certificate files must have permissions of '444' to maintain the integrity of the
certificates.

Solution

#> chmod 444 /etc/docker/certs.d/<registry-name>/*
This would set the permissions for registry certificate files to '444'.

Impact-None.

Default Value-By default, the permissions for registry certificate files might not be '444'. The default file
permissions are governed by the system or user specific umask values.

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: e9c590abe249cdf479795a46d87d2bff8a10a4e50cb42cfea927208987f6998c