Details

Verify that all the registry certificate files (usually found

under /etc/docker/certs.d/ directory) are owned and group-owned by

‘root’.

/etc/docker/certs.d/ directory contains Docker registry certificates.

These certificate files must be owned and group-owned by ‘root’ to maintain the integrity

of the certificates.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/514

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CSCv6|3.1

Source

• Tenable.com/audits