Verify that Docker socket file permissions are set to 660 or more restrictive

Details

https://docs.docker.com/reference/commandline/cli/#daemon-socket-option

2.https://docs.docker.com/articles/basics/#bind-docker-to-another-hostport-or-a-unix-socket

Solution

chmod 660 /var/run/docker.sock
This would set the file permissions of the Docker socket file to ‘660’.Impact-None.Default Value-By default, the permissions for Docker socket file is correctly set to ‘660’.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/517

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles