STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive.

DISA Rule

SV-235858r627701_rule

Vulnerability Number

V-235858

Group Title

SRG-APP-000516

Rule Version

DKER-EE-005240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the permissions for registry certificate files to 444.

Run the following command:

chmod 444 /etc/docker/certs.d/<registry-name>/*

Check Contents

Ensure that registry certificate file permissions are set to 444 or more restrictive.

Execute the below command to verify that the registry certificate files have permissions of 444 or more restrictive:

stat -c %a /etc/docker/certs.d/<registry-name>/*

If the permissions are not set to 444, this is a finding.
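The check above, scripted as an added example (not part of the STIG text). It reads "444 or more restrictive" as "no permission bit set outside r--r--r--", which is an assumption about the intended meaning; a plain numeric comparison would wrongly pass a mode such as 244. The function names are hypothetical, and GNU stat is assumed, as in the check command.

```shell
#!/bin/sh
# Added example: audit registry certificate files for "444 or more restrictive".
# Usage (after sourcing or pasting): audit_certs /etc/docker/certs.d

# mode_ok MODE
# Succeeds when the octal MODE grants nothing beyond r--r--r-- (0444).
# Returns 2 when MODE is not an octal string.
mode_ok() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;
    esac
    # Any bit outside 0444 is excess: write, execute, setuid/setgid/sticky.
    [ $(( 0$1 & ~0444 )) -eq 0 ]
}

# audit_certs DIR
# Checks every regular file in DIR/<registry-name>/ and prints one line each.
# Returns 0 when all files comply, 1 when at least one is a finding.
audit_certs() {
    findings=0
    for f in "$1"/*/*; do
        [ -f "$f" ] || continue
        # -L follows symlinks so the target's mode is judged, not the link's.
        mode=$(stat -L -c %a "$f") || return 2
        if mode_ok "$mode"; then
            printf 'OK       %4s  %s\n' "$mode" "$f"
        else
            printf 'FINDING  %4s  %s\n' "$mode" "$f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Modes such as 440, 400 and 0 pass; 644, 244 and 4444 are reported as findings.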

Documentable

False

Severity Override Guidance

Ensure that registry certificate file permissions are set to 444 or more restrictive.

Execute the below command to verify that the registry certificate files have permissions of 444 or more restrictive:

stat -c %a /etc/docker/certs.d/<registry-name>/*

If the permissions are not set to 444, this is a finding.

Check Content Reference

M

Target Key

5281
