Details

If you are using Docker on a machine that uses systemd to manage services, then verify that

the ‘docker-registry’ file ownership and group-ownership is correctly set to ‘root’.

‘docker-registry’ file contains sensitive parameters that may alter the behavior of Docker

daemon. Hence, it should be owned and group-owned by ‘root’ to maintain the integrity of

the file.

Solution

#> chown root-root /etc/sysconfig/docker-registry
This would set the ownership and group-ownership for the file to ‘root’.

Impact-None.

Default Value-This file may not be present on the system. In that case, this recommendation is not
applicable. By default, if the file is present, the ownership and group-ownership for this file
is correctly set to ‘root’.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/514

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CSCv6|3.1

Source

• Tenable.com/audits