0303-docker-service-priv-docker.service File Permissions Not Set to 644 or Higher
Rule ID
Category
Level
Compatible Versions
Description
- If you are using Docker on a computer that manages services with systemd, please verify that the permissions of the docker.service file are correctly set to 644 or more restrictive.
Scan Frequency
Theoretical Basis
- The docker.service file contains sensitive parameters that may alter the behavior of the Docker daemon. Therefore, no other user except root should be able to write to it to maintain the integrity of the file.
Risk Items
Audit Method
- Execute the following command to verify that the file permissions are set to "644" or more restrictive:
stat -c %a /usr/lib/systemd/system/docker.service
- Execute the following command:
#> chmod 644 /usr/lib/systemd/system/docker.service
Impact
Default Value
- This file may not exist on the system. In such cases, this recommendation does not apply. By default, if the file exists, the file permissions will be correctly set to 644.
References
CIS Controls