Docker Enterprise registry certificate file ownership must be set to root:root.
An XCCDF Rule
Description
Verify that all the registry certificate files (usually found under the /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. The /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates. By default, the ownership and group-ownership for registry certificate files are correctly set to root.
Documentable: false
- ID: SV-235857r627698_rule
- Severity: High
Remediation - Manual Procedure
Set the ownership and group-ownership for the registry certificate files to root.
Run the following command:
chown root:root /etc/docker/certs.d/<registry-name>/*
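To confirm the result before or after running chown, the following audit lists every certificate file that is not owned by root:root. It is an added example, not part of the STIG text; the function names and the CERTS_DIR variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit ownership of Docker registry certificate files.
# Function names and CERTS_DIR are illustrative, not defined by the STIG.

# list_bad_owner BASE [UID] [GID]
# Prints each regular file under BASE whose owner is not UID or whose
# group is not GID. UID and GID default to 0 (root:root), as the rule requires.
# Symbolic links are not followed; only regular files are reported.
list_bad_owner() {
    base=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    # No certs.d directory means no registry certificates to check.
    [ -d "$base" ] || return 0
    find "$base" -type f \( ! -user "$want_uid" -o ! -group "$want_gid" \) -print
}

# audit_cert_ownership BASE [UID] [GID]
# Returns 0 when every file matches, 1 when at least one does not.
audit_cert_ownership() {
    bad=$(list_bad_owner "$@")
    if [ -n "$bad" ]; then
        printf 'Not owned by %s:%s:\n%s\n' "${2:-0}" "${3:-0}" "$bad" >&2
        return 1
    fi
    return 0
}

# Check the directory named in the rule; set CERTS_DIR to audit another path.
audit_cert_ownership "${CERTS_DIR:-/etc/docker/certs.d}" ||
    echo "FINDING: registry certificate files are not owned by root:root" >&2
```

A non-empty listing is a finding for this rule; rerun the audit after the chown command to confirm it comes back empty.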