3.9 Ensure that TLS CA certificate file ownership is set to root:root

Information

Verify that the TLS CA certificate file (the file that is passed alongwith --tlscacert parameter) is owned and group-owned by root.
Rationale:
The TLS CA certificate file should be protected from any tampering. It is used to authenticate Docker server based on given CA certificate. Hence, it must be owned and group-owned by root to maintain the integrity of the CA certificate.

Solution

chown root:root <path to TLS CA certificate file>
This would set the ownership and group-ownership for the TLS CA certificate file to root.
Impact:
None.
Default Value:
By default, the ownership and group-ownership for TLS CA certificate file is correctly set to root.

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|5.1

Plugin: Unix

Control ID: 4f7d50cd9353cf12021b593aee517c1afced9dcddad9023d28d665f90287391d