3.7 Ensure that registry certificate file ownership is set to root:root

Information

Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root.
Rationale:
/etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates.

Solution

chown root:root /etc/docker/certs.d/<registry-name>/*
This would set the ownership and group-ownership for the registry certificate files to root.
Impact:
None.
Default Value:
By default, the ownership and group-ownership for registry certificate files is correctly set to root.

See Also

https://workbench.cisecurity.org/files/1726

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|5.1

Plugin: Unix

Control ID: aa3e06436d964c9f3052ec42d7e55bb6773b16961ff40341269ff5a5555a4d15