Ensure that Docker socket file permissions are set to 660 or more restrictive

Details

Verify that the Docker socket file has permissions of 660 or more restrictive.

Rationale:

Only root and members of docker group should be allowed to read and write to default Docker Unix socket. Hence, the Docket socket file must have permissions of 660 or more restrictive.

Solution

chmod 660 /var/run/docker.sock
This would set the file permissions of the Docker socket file to 660.
Impact:
None.
Default Value:
By default, the permissions for Docker socket file is correctly set to 660.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/1726

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CSCv6|14.4

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles