STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Docker Enterprise TLS certificate authority (CA) certificate file permissions must be set to 444 or more restrictive.

DISA Rule

SV-235860r627707_rule

Vulnerability Number

V-235860

Group Title

SRG-APP-000516

Rule Version

DKER-EE-005260

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

chmod 444 <path to TLS CA certificate file>

This sets the file permissions of the TLS CA file to 444.

Check Contents

Ensure that TLS CA certificate file permissions are set to 444 or more restrictive.

Execute the below command to verify that the TLS CA certificate file has permissions of 444 or more restrictive:

stat -c %a <path to TLS CA certificate file>

If the permissions are not set to 444, this is a finding.

Vulnerability Number

V-235860

Documentable

False

Rule Version

DKER-EE-005260

Severity Override Guidance

Ensure that TLS CA certificate file permissions are set to 444 or more restrictive.

Execute the below command to verify that the TLS CA certificate file has permissions of 444 or more restrictive:

stat -c %a <path to TLS CA certificate file>

If the permissions are not set to 444, this is a finding.

Check Content Reference

M

Target Key

5281

Comments