0302-docker-service-ownership-docker.service File Ownership Not Set to root:root
Rule ID
- 0302-docker-service-ownership
Category
Level
Compatible Versions
Description
- If Docker is used on a computer that manages services using systemd, verify that the ownership and group ownership of the docker.service file are correctly set to root.
Scan Frequency
Theoretical Basis
- The docker.service file contains sensitive parameters that may alter the behavior of the Docker daemon. Therefore, it should be owned by root, and the group should also be owned by root to maintain the integrity of the file.
Risk Items
Audit Method
- Execute the following command to verify that the file and group belong to root:
stat -c %U:%G /usr/lib/systemd/system/docker.service | grep -v root:root
- Execute the following command:
#> chown root:root /usr/lib/systemd/system/docker.service
Impact
Default Values
- This file may not exist on the system. In this case, this recommendation does not apply. By default, if the file exists, the ownership and group ownership of the file will be correctly set to root.
References
CIS Controls