STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise.

DISA Rule

SV-235798r627521_rule

Vulnerability Number

V-235798

Group Title

SRG-APP-000141

Rule Version

DKER-EE-001920

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

This fix only applies to the DTR component of Docker Enterprise.

Disable usage and API analytics tracking in DTR:

via UI:

As a Docker EE Admin, navigate to "System" | "General" in the DTR management console. Click the "Send data" slider to disable this capability.

via CLI:

Linux (requires curl and jq): As a Docker EE Admin, execute the following commands from a machine with connectivity to the DTR management console:

AUTHTOKEN=$(curl -sk -u <username>:<password> "https://[dtr_url]/auth/token" | jq -r .token)
curl -k -H "Authorization: Bearer $AUTHTOKEN" -X POST -d '{"reportAnalytics":false}' -H 'Content-Type: application/json' "https://[dtr_url]/api/v0/meta/settings"

Check Contents

This check only applies to the DTR component of Docker Enterprise.

Verify that usage and API analytics tracking is disabled in DTR:

via UI:

As a Docker EE Admin, navigate to "System" | "General" in the DTR management console. Verify that the "Send data" option is disabled.

via CLI:

Linux (requires curl and jq):

AUTHTOKEN=$(curl -sk -u <username>:<password> "https://[dtr_url]/auth/token" | jq -r .token)
curl -k -H "Authorization: Bearer $AUTHTOKEN"" -X GET ""https://[dtr_url]/api/v0/meta/settings"

Look for the "reportAnalytics" field in the output and verify that it is set to "false". If it is not, then this is a finding.

Vulnerability Number

V-235798

Documentable

False

Rule Version

DKER-EE-001920

Severity Override Guidance

This check only applies to the DTR component of Docker Enterprise.

Verify that usage and API analytics tracking is disabled in DTR:

via UI:

As a Docker EE Admin, navigate to "System" | "General" in the DTR management console. Verify that the "Send data" option is disabled.

via CLI:

Linux (requires curl and jq):

AUTHTOKEN=$(curl -sk -u <username>:<password> "https://[dtr_url]/auth/token" | jq -r .token)
curl -k -H "Authorization: Bearer $AUTHTOKEN"" -X GET ""https://[dtr_url]/api/v0/meta/settings"

Look for the "reportAnalytics" field in the output and verify that it is set to "false". If it is not, then this is a finding.

Check Content Reference

M

Target Key

5281

Comments