3.3 Verify that docker-registry.service file ownership is set to root:root

Information

If you are using Docker on a machine that uses systemd to manage services, then verify that
the 'docker-registry.service' file ownership and group-ownership is correctly set to
'root'.

'docker-registry.service' file contains sensitive parameters that may alter the behavior
of Docker daemon. Hence, it should be owned and group-owned by 'root' to maintain the
integrity of the file.

Solution

#> chown root-root /usr/lib/systemd/system/docker-registry.service
This would set the ownership and group-ownership for the file to 'root'.

Impact-None.

Default Value-This file may not be present on the system. In that case, this recommendation is not
applicable. By default, if the file is present, the ownership and group-ownership for this file
is correctly set to 'root'.

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: e65c5909426b8e7ea505720b76c5407d53f51e396eb754370e0dc3a012a676c6