0305-docker-registry-service-priv - docker-registry.service File Permissions Not Set to 644 or More Restrictive
Rule ID
- 0305-docker-registry-service-priv
Category
Level
Compatible Versions
Description
- If you are using Docker on a computer that manages services with systemd, verify that the permissions for the docker-registry.service file are correctly set to "644" or more restrictive.
Scan Frequency
Theoretical Basis
- The docker-registry.service file contains sensitive parameters that may alter the behavior of the Docker daemon. Therefore, to maintain the integrity of the file, no user other than root should have write access to it.
Risk Items
Audit Method
- Execute the following command to verify that the file permissions are set to "644" or more restrictive:
stat -c %a /usr/lib/systemd/system/docker-registry.service
- To correct the permissions, execute the following command:
#> chmod 644 /usr/lib/systemd/system/docker-registry.service
This will set the file permissions to 644.
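The audit step above only prints the mode; deciding whether it is "644 or more restrictive" needs a bit test, because a plain numeric comparison would accept a world-writable mode such as 466. The script below is an added example, not part of the original rule: the function names are hypothetical, it assumes GNU `stat`, and it assumes "more restrictive" means no permission bit outside rw-r--r-- is set.

```shell
#!/bin/sh
# Added example: audit helper for this rule (not the rule's own tooling).
# Assumption: "644 or more restrictive" = no bit outside rw-r--r-- is set.

UNIT_FILE=/usr/lib/systemd/system/docker-registry.service  # path from the audit step

# Return 0 if the octal mode string grants nothing beyond 0644,
# 1 if it grants more, 2 if the input is not an octal mode.
mode_is_644_or_stricter() {
    case $1 in
        ''|*[!0-7]*) return 2 ;;
    esac
    # 07133 is every bit of 07777 that 0644 does not grant
    # (group/other write, all execute bits, setuid/setgid/sticky).
    [ $(( 0$1 & 07133 )) -eq 0 ]
}

# Print PASS, FAIL or N/A for one file.
# Returns 0 on pass or when the file is absent (rule not applicable), 1 on fail.
audit_unit_file() {
    file=$1
    if [ ! -e "$file" ]; then
        echo "N/A: $file does not exist"
        return 0
    fi
    mode=$(stat -c %a "$file") || return 1
    if mode_is_644_or_stricter "$mode"; then
        echo "PASS: $file mode $mode"
    else
        echo "FAIL: $file mode $mode (expected 644 or more restrictive)"
        return 1
    fi
}

audit_unit_file "$UNIT_FILE"
```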
Impact
Default Value
- This file may not exist on the system. In this case, this recommendation does not apply. By default, if the file exists, its permissions will be correctly set to 644.
References
CIS Controls