STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The certificate chain used by Universal Control Plane (UCP) client bundles must match what is defined in the System Security Plan (SSP) in Docker Enterprise.

DISA Rule

SV-235822r627593_rule

Vulnerability Number

V-235822

Group Title

SRG-APP-000175

Rule Version

DKER-EE-002380

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

via GUI:

As any user with access to UCP, within the UCP web console, click on the username dropdown in the top-left corner, and select "My Profile". On the "Client Bundles" tab, select the "New Client Bundle" dropdown and click "Add Existing Client Bundle". Provide an appropriate "Label", and in the "Public Key" field, paste the public key of the certificate chain provided to that user by the organization. Click "Confirm" to save the bundle.

via CLI:

Linux (requires curl): As a Docker EE Admin, execute the following commands using a client bundle and from a machine with connectivity to the UCP management console.

curl --cacert ca.pem --cert cert.pem --key key.pem -X POST -H "Content-Type: application/json" -d '{"certificates":[{"cert":"[encoded_PEM_for_cert]","label":"[cert_label]"}],"label":"[key_description]","publicKey":"[encoded_PEM_for_public_key]"}' https://[ucp_url]/api/accounts/[account_name_or_id]/publickeys

Check Contents

via CLI: Execute the following command from within the directory in which the UCP client bundle is located.

(Linux) openssl x509 -noout -text -in cert.pem |grep "Subject\|Issuer"

Verify that the Subject and Issuer lines in the output match the certificate chain documented in the SSP.

If the Subject and Issuer do not match what is documented in the SSP, this is a finding.
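A script that automates the check above, added here as an example that is not part of the STIG or of STIGQter: it reads the Subject and Issuer from cert.pem with openssl, normalizes them to RFC 2253 form, and compares them with the values documented in the SSP, returning a non-zero status when either differs (a finding) or when the certificate cannot be read. The SSP values, the self-signed sample certificate and the helper names (cert_field, ucp_bundle_check, make_sample_cert) are constructed for this example; a real client-bundle cert.pem is issued by the UCP CA, so its Issuer names that CA.

```shell
#!/bin/sh
# Added example, not from the STIG: automate the Subject/Issuer check for a
# UCP client bundle certificate. Assumes openssl is on PATH; the SSP values
# and the self-signed sample certificate are constructed for this example.

# Print the subject or issuer of a PEM certificate in RFC 2253 form, so the
# comparison does not depend on openssl's default one-line pretty-printing.
#   $1 = subject | issuer, $2 = certificate file
cert_field() {
    openssl x509 -noout "-$1" -nameopt RFC2253 -in "$2" | sed "s/^$1= *//"
}

# Compare a bundle's cert.pem against the SSP-documented Subject and Issuer.
# Returns 0 when both match, 1 when either differs (a finding), 2 if the
# certificate cannot be read.
#   $1 = cert.pem, $2 = SSP subject (RFC 2253), $3 = SSP issuer (RFC 2253)
ucp_bundle_check() {
    actual_subject=$(cert_field subject "$1") || return 2
    actual_issuer=$(cert_field issuer "$1") || return 2
    # openssl's failure status is hidden by the pipe, so detect it by empty output
    [ -n "$actual_subject" ] || return 2
    status=0
    if [ "$actual_subject" != "$2" ]; then
        echo "FINDING: Subject '$actual_subject' does not match SSP '$2'"
        status=1
    fi
    if [ "$actual_issuer" != "$3" ]; then
        echo "FINDING: Issuer '$actual_issuer' does not match SSP '$3'"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: Subject and Issuer match the SSP"
    fi
    return "$status"
}

# Constructed sample: a self-signed certificate standing in for cert.pem.
# A real client-bundle certificate is issued by the UCP CA, so its Issuer
# would name that CA rather than repeat the Subject.
#   $1 = output path for the certificate (the key is written beside it)
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/O=Example Org/CN=ucp-admin" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Walk through both outcomes on the sample certificate.
demo() {
    tmp=$(mktemp -d)
    make_sample_cert "$tmp/cert.pem"
    ssp_name="CN=ucp-admin,O=Example Org,C=US"   # constructed SSP entry
    echo "-- bundle matches the SSP:"
    ucp_bundle_check "$tmp/cert.pem" "$ssp_name" "$ssp_name"
    echo "-- SSP documents a different issuing CA:"
    ucp_bundle_check "$tmp/cert.pem" "$ssp_name" \
        "CN=Example UCP CA,O=Example Org,C=US" || true
    rm -rf "$tmp"
}

demo
```

Run it from the directory holding the client bundle by replacing the demo call with `ucp_bundle_check cert.pem "<SSP subject>" "<SSP issuer>"`; the SSP values must be written in the same RFC 2253 order (most-specific RDN first) that `-nameopt RFC2253` prints, otherwise a correct certificate is reported as a finding.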

Documentable

False

Check Content Reference

M

Target Key

5281

Comments