Details

Verify that the TLS CAcertificate file (the file that is passed alongwith ‘–tlscacert’parameter) is owned and group-owned by ‘root’.

Rationale:

The TLS CA certificate file should be protected from any tampering. It is used to authenticate Docker server based on given CA certificate. Hence, itmust be owned and group-owned by ‘root’ to maintain the integrity of the CA certificate.

Solution

chown root:root

This would set the ownership and group-ownership for the TLS CA certificate file to ‘root’.

Impact:

None.

Default Value:

By default, the ownership and group-ownership for TLS CA certificate file is correctly set to ‘root’.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/1476

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.

Source

• Tenable.com/audits