Docker Enterprise daemon.json file permissions must be set to 644 or more restrictive.

An XCCDF Rule

Description

<VulnDiscussion>Verify that the daemon.json file permissions are correctly set to 644 or more restrictive. daemon.json file contains sensitive parameters that may alter the behavior of docker daemon. Hence, it should be writable only by root to maintain the integrity of the file. This file may not be present on the system. In that case, this recommendation is not applicable.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-235868r627731_rule
Severity: High
References: CCI-000366
Updated: about 1 year ago

If docker.daemon does not exist, create the file and set the file permissions for this file to 644.

Run the following command;
chmod 644 /etc/docker/daemon.json

Docker Enterprise daemon.json file permissions must be set to 644 or more restrictive.

Description

Remediation - Manual Procedure