Verify that Docker socket file permissions are set to 660 or more restrictive

Details

Verify that the Docker socket file has permissions of ‘660’ or more restrictive.

Only ‘root’ and members of ‘docker’ group should be allowed to read and write to default

Docker Unix socket. Hence, the Docket socket file must have permissions of ‘660’ or more

restrictive.

Solution

#> chmod 660 /var/run/docker.sock
This would set the file permissions of the Docker socket file to ‘660’.

Impact-None.

Default Value-By default, the permissions for Docker socket file is correctly set to ‘660’.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/514

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CSCv6|3.1

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles