3.13 Verify that Docker server certificate key file ownership is set to root:root

Information

Verify that the Docker server certificate key file (the file that is passed along with the '--tlskey' parameter) is owned and group-owned by 'root'.

Rationale:

The Docker server certificate key file should be protected from any tampering or unneeded reads. It holds the private key for the Docker server certificate. Hence, it must be owned and group-owned by 'root' to maintain the integrity of the Docker server certificate.

Solution

chown root:root <path to Docker server certificate key file>

This would set the ownership and group-ownership for the Docker server certificate key file to 'root'.
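
To confirm the result, the following added example (not part of the benchmark text) extracts the '--tlskey' path from a dockerd argument string and checks that the file's numeric owner and group are 0:0. The function names and the sample command line are constructed for this example, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit ownership of the Docker server certificate key file.
# Function names are hypothetical; requires a stat that supports -c.

# Print the value of --tlskey from a dockerd argument string.
# Handles both "--tlskey=/path" and "--tlskey /path".
tlskey_from_args() {
    # Word splitting is intentional; paths containing spaces are not handled.
    set -- $1
    while [ $# -gt 0 ]; do
        case "$1" in
            --tlskey=*) printf '%s\n' "${1#--tlskey=}"; return 0 ;;
            --tlskey)   [ $# -ge 2 ] && { printf '%s\n' "$2"; return 0; } ;;
        esac
        shift
    done
    return 1
}

# Return 0 if file $1 is owned by uid:gid $2 (default 0:0, i.e. root:root).
# Returns 2 if the file cannot be examined.
owned_by() {
    want=${2:-0:0}
    have=$(stat -c '%u:%g' -- "$1" 2>/dev/null) || return 2
    [ "$have" = "$want" ]
}

# Audit one dockerd argument string; returns 0 only when the key is root:root.
audit_args() {
    key=$(tlskey_from_args "$1") || { echo "INFO: no --tlskey argument"; return 3; }
    if owned_by "$key"; then
        echo "PASS: $key is owned by root:root"
    else
        echo "FAIL: $key is not owned by root:root (or cannot be examined)"
        return 1
    fi
}

# Constructed sample command line (not taken from a real host).
SAMPLE_ARGS='dockerd --tlsverify --tlscert=/etc/docker/server-cert.pem --tlskey /etc/docker/server-key.pem'
echo "key file in sample: $(tlskey_from_args "$SAMPLE_ARGS")"
# On a real host: audit_args "$(ps -o args= -C dockerd)"
```

An "INFO" result means the key path was not given on the command line, so it has to be located by other means before the ownership check applies.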

Impact:

None.

Default Value:

By default, the ownership and group-ownership for the Docker server certificate key file is correctly set to 'root'.

See Also

https://workbench.cisecurity.org/files/1476

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 82546fd78882093acbc0293a43186fbbdef9622267c6071733c5149a5c82eef3