3.8 Ensure that registry certificate file permissions are set to 444 or more restrictive

Information

Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) have permissions of 444 or more restrictive.
Rationale:
/etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must have permissions of 444 to maintain the integrity of the certificates.

Solution

chmod 444 /etc/docker/certs.d/<registry-name>/*
This would set the permissions for registry certificate files to 444.
Impact:
None.
Default Value:
By default, the permissions for registry certificate files might not be 444. The default file permissions are governed by the system or user specific umaskvalues.

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|14.4

Plugin: Unix

Control ID: 9a11dd2d70aeb0e870a80821e9ef2601ac30b402c168d610ab688fb04aeb30d7