4.1.8 Ensure that the client certificate authorities file ownership is set to root:root

Information

Ensure that the certificate authorities file ownership is set to root:root.

Rationale:

The certificate authorities file controls the authorities used to validate API requests. You should set its file ownership to maintain the integrity of the file. The file should be owned by root:root.

Impact:

None

Solution

Run the following command to modify the ownership of the --client-ca-file.

chown root:root <filename>

Default Value:

By default no --client-ca-file is specified.

See Also

https://workbench.cisecurity.org/files/4111