2.13 Ensure operations on legacy registry (v1) are Disabled

Information

The latest Docker registry is v2. All operations on the legacy registry version (v1) should be restricted.
Rationale:
Docker registry v2 brings in many performance and security improvements over v1. It supports container image provenance and other security features such as image signing and verification. Hence, operations on Docker legacy registry should be restricted.

Solution

Start the docker daemon as below:
dockerd --disable-legacy-registry
Impact:
Legacy registry operations would be restricted.
Default Value:
By default, legacy registry operations are allowed.

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|18

Plugin: Unix

Control ID: 9e4eb1754cb82ae730ecfb0a50c1d06549e5f3447a4f26b3b6bb3df97076c7f1