3.20 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively

Information

You should verify that the /etc/default/docker file permissions are correctly set to 644 or more restrictively.

Rationale:

The /etc/default/docker file contains sensitive parameters that may alter the behavior of the Docker daemon. It should therefore be writeable only by root in order to ensure that it is not modified by less privileged users.

Impact:

None.

Solution

You should execute the following command:

chmod 644 /etc/default/docker

This sets the file permissions for this file to 644.

Default Value:

This file may not be present on the system and in this case, this recommendation is not applicable.

See Also

https://workbench.cisecurity.org/benchmarks/11818

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 6bb09baea2613c1b617725c620762732d85a03500f20f5c8e5cce73e5c3bc535