STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 19 Jul 2019

Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise.

DISA Rule

SV-104767r1_rule

Vulnerability Number

V-95629

Group Title

SRG-APP-000141

Rule Version

DKER-EE-001920

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This fix only applies to the DTR component of Docker Enterprise.

Disable usage and API analytics tracking in DTR:

via UI:

As a Docker EE Admin, navigate to "System" | "General" in the DTR management console. Click the "Send data" slider to disable this capability.

via CLI:

Linux (requires curl and jq): As a Docker EE Admin, execute the following commands from a machine with connectivity to the DTR management console:

AUTHTOKEN=$(curl -sk -u <username>:<password> "https://[dtr_url]/auth/token" | jq -r .token)
curl -k -H "Authorization: Bearer $AUTHTOKEN" -X POST -d '{"reportAnalytics":false}' -H 'Content-Type: application/json' "https://[dtr_url]/api/v0/meta/settings"

Check Contents

This check only applies to the DTR component of Docker Enterprise.

Verify that usage and API analytics tracking is disabled in DTR:

via UI:

As a Docker EE Admin, navigate to "System" | "General" in the DTR management console. Verify that the "Send data" option is disabled.

via CLI:

Linux (requires curl and jq):

AUTHTOKEN=$(curl -sk -u <username>:<password> "https://[dtr_url]/auth/token" | jq -r .token)
curl -k -H "Authorization: Bearer $AUTHTOKEN" -X GET "https://[dtr_url]/api/v0/meta/settings"

Look for the "reportAnalytics" field in the output and verify that it is set to "false". If it is not, then this is a finding.
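
The CLI check above, automated as an added example (not part of the STIG text or of Docker's tooling): it evaluates the settings response and reports a missing field, a non-boolean value or a non-JSON body instead of passing silently. The function names, the DTR_URL, DTR_USER and DTR_PASS variables and the sample responses are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example for DKER-EE-001920; function and variable names are hypothetical.

# Reads a /api/v0/meta/settings response body on stdin, prints a verdict,
# and returns 0 only when reportAnalytics is the JSON boolean false.
# Assumption: a missing field is a finding, since "disabled" cannot be confirmed.
check_report_analytics() {
    local verdict
    # jq exits non-zero on unparseable input (e.g. an HTML login or error page).
    if ! verdict=$(jq -r '
        if type != "object" then "ERROR: response is not a JSON object"
        elif (has("reportAnalytics") | not) then "FINDING: reportAnalytics field missing"
        elif .reportAnalytics == false then "NOT A FINDING"
        else "FINDING: reportAnalytics=\(.reportAnalytics | tojson)"
        end' 2>/dev/null); then
        verdict="ERROR: response is not valid JSON"
    fi
    # Empty input makes jq print nothing and still exit 0.
    [ -n "$verdict" ] || verdict="ERROR: empty response"
    printf '%s\n' "$verdict"
    [ "$verdict" = "NOT A FINDING" ]
}

# Live variant using the same two requests as the STIG text (including -k).
# DTR_URL, DTR_USER and DTR_PASS are assumed environment variables.
fetch_dtr_settings() {
    local token
    token=$(curl -sk -u "$DTR_USER:$DTR_PASS" "https://$DTR_URL/auth/token" | jq -r '.token // empty')
    # A failed login yields no token; stop rather than query with "Bearer null".
    [ -n "$token" ] || { echo "ERROR: no auth token returned" >&2; return 2; }
    curl -sk -H "Authorization: Bearer $token" "https://$DTR_URL/api/v0/meta/settings"
}

# Constructed sample responses (not captured from a real DTR instance).
SAMPLE_COMPLIANT='{"reportAnalytics":false,"otherSetting":"x"}'
SAMPLE_ENABLED='{"reportAnalytics":true,"otherSetting":"x"}'
SAMPLE_MISSING='{"otherSetting":"x"}'
SAMPLE_HTML='<html><body>401 Unauthorized</body></html>'

for s in "$SAMPLE_COMPLIANT" "$SAMPLE_ENABLED" "$SAMPLE_MISSING" "$SAMPLE_HTML"; do
    printf '%s' "$s" | check_report_analytics || true
done
```

Against a real registry, `fetch_dtr_settings | check_report_analytics` runs the same evaluation on the live response.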

Documentable

False

Severity Override Guidance


Check Content Reference

M

Target Key

3425

Comments