STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Jul 2019: Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive.

DISA Rule

SV-104891r1_rule

Vulnerability Number

V-95753

Group Title

SRG-APP-000516

Rule Version

DKER-EE-005240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the permissions for registry certificate files to 444.

Run the following command:
chmod 444 /etc/docker/certs.d/<registry-name>/*

Check Contents

Ensure that registry certificate file permissions are set to 444 or more restrictive.

Execute the below command to verify that the registry certificate files have permissions of 444 or more restrictive:

stat -c %a /etc/docker/certs.d/<registry-name>/*

If the permissions are not set to 444, this is a finding.
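
An added example, not part of the STIG text: a script that applies the check above to every file in a certificate directory. It assumes "444 or more restrictive" means that no permission bit outside 0444 is set, so the comparison is a bitmask rather than a numeric one; the function names and the sample files built by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG text). Assumption: a mode is "444 or more
# restrictive" when it sets no permission bit outside 0444.
# Numeric comparison is wrong here: 400 must pass, 555 and 1444 must fail.

# mode_is_compliant OCTAL_MODE -> exit status 0 when no bit outside 0444 is set
mode_is_compliant() {
    [ $(( 0$1 & ~0444 & 07777 )) -eq 0 ]
}

# audit_cert_dir DIR -> prints "FINDING <mode> <file>" for each non-compliant
# regular file; returns 0 when clean, 1 on any finding, 2 if stat fails.
audit_cert_dir() {
    dir=$1
    findings=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # -L: report the mode of a symlink's target, not of the link itself
        mode=$(stat -L -c %a "$f") || return 2
        if ! mode_is_compliant "$mode"; then
            echo "FINDING $mode $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# demo: audits a constructed directory of sample files (not real certificates)
demo() {
    d=$(mktemp -d) || return 2
    for m in 444 400 440 644 555; do
        : > "$d/sample-$m.crt"
        chmod "$m" "$d/sample-$m.crt"
    done
    rc=0
    audit_cert_dir "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Stand-alone use: pass the certificate directory as the first argument,
# e.g. /etc/docker/certs.d/<registry-name>
if [ "$#" -gt 0 ]; then
    audit_cert_dir "$1"
fi
```

In the demo, the 644 and 555 samples are reported as findings; the 444, 440 and 400 samples pass.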

Documentable

False

Severity Override Guidance

Ensure that registry certificate file permissions are set to 444 or more restrictive.

Execute the below command to verify that the registry certificate files have permissions of 444 or more restrictive:

stat -c %a /etc/docker/certs.d/<registry-name>/*

If the permissions are not set to 444, this is a finding.

Check Content Reference

M

Target Key

3425

Comments