II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516
Group -
Docker Enterprise /etc/docker directory ownership must be set to root:root.
Verify that the /etc/docker directory ownership and group-ownership is correctly set to root. /etc/docker directory contains certificates and keys in addition to various sensitive files. Hence, it...Rule High Severity -
SRG-APP-000516
Group -
Docker Enterprise /etc/docker directory permissions must be set to 755 or more restrictive.
Verify that the /etc/docker directory permissions are correctly set to 755 or more restrictive. /etc/docker directory contains certificates and keys in addition to various sensitive files. Hence, ...Rule Medium Severity -
SRG-APP-000516
Group -
Docker Enterprise registry certificate file ownership must be set to root:root.
Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. /etc/docker/certs.d/<registry-name> directory ...Rule High Severity -
SRG-APP-000516
Group -
Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive.
Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) have permissions of 444 or more restrictive. /etc/docker/certs.d/<registry-name> ...Rule Medium Severity -
SRG-APP-000516
Group -
Docker Enterprise TLS certificate authority (CA) certificate file ownership must be set to root:root.
Verify that the TLS CA certificate file (the file that is passed along with --TLScacert parameter) is owned and group-owned by root. The TLS CA certificate file should be protected from any tamper...Rule High Severity -
SRG-APP-000516
Group -
Docker Enterprise TLS certificate authority (CA) certificate file permissions must be set to 444 or more restrictive.
Verify that the TLS CA certificate file (the file that is passed along with --TLScacert parameter) has permissions of 444 or more restrictive. The TLS CA certificate file should be protected from ...Rule Medium Severity -
SRG-APP-000516
Group -
Docker Enterprise server certificate file ownership must be set to root:root.
Verify that the Docker server certificate file (the file that is passed along with --TLScert parameter) is owned and group-owned by root. The Docker server certificate file should be protected fro...Rule High Severity -
SRG-APP-000516
Group -
Docker Enterprise server certificate file permissions must be set to 444 or more restrictive.
Verify that the Docker server certificate file (the file that is passed along with --TLScert parameter) has permissions of 444 or more restrictive. The Docker server certificate file should be pro...Rule Medium Severity -
SRG-APP-000516
Group -
Docker Enterprise server certificate key file ownership must be set to root:root.
Verify that the Docker server certificate key file (the file that is passed along with --TLSkey parameter) is owned and group-owned by root. The Docker server certificate key file should be protec...Rule Medium Severity -
SRG-APP-000516
Group -
Docker Enterprise server certificate key file permissions must be set to 400.
Verify that the Docker server certificate key file (the file that is passed along with --TLSkey parameter) has permissions of 400. The Docker server certificate key file should be protected from a...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.