Details

Ensure that the certificate authorities file ownership is set to root:root.

Rationale:

The certificate authorities file controls the authorities used to validate API requests. You should set its file ownership to maintain the integrity of the file. The file should be owned by root:root.

Impact:

None

Solution

Run the following command to modify the ownership of the –client-ca-file.

chown root:root

Default Value:

By default no –client-ca-file is specified.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3371

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CSCv6|3.1
• CSCv6|5.1
• CSCv7|4

Source

• Tenable.com/audits