STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Docker Enterprise socket file permissions must be set to 660 or more restrictive.

DISA Rule

SV-235866r627725_rule

Vulnerability Number

V-235866

Group Title

SRG-APP-000516

Rule Version

DKER-EE-005320

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

chmod 660 /var/run/docker.sock

This sets the file permissions of the Docker socket file to 660.

Check Contents

Ensure that Docker socket file permissions are set to 660 or more restrictive.

Execute the below command to verify that the Docker socket file has permissions of 660 or more restrictive:

stat -c %a /var/run/docker.sock

If the permissions are not set to 660, this is a finding.

Vulnerability Number

V-235866

Documentable

False

Rule Version

DKER-EE-005320

Severity Override Guidance

Ensure that Docker socket file permissions are set to 660 or more restrictive.

Execute the below command to verify that the Docker socket file has permissions of 660 or more restrictive:

stat -c %a /var/run/docker.sock

If the permissions are not set to 660, this is a finding.

Check Content Reference

M

Target Key

5281

Comments