0306-docker-socket-ownership - The ownership of docker.socket file is not set to root:root
Rule ID
- 0306-docker-socket-ownership
Category
Level
Compatible Versions
Description
- If you are using Docker on a computer that manages services with systemd, verify that the ownership and group ownership of the Docker.socket file are correctly set to root.
Scan Frequency
Theoretical Basis
- The docker.socket file contains sensitive parameters that may alter the behavior of the Docker remote API. Therefore, it should be owned by root, and the group should also be owned by root to maintain the integrity of the file.
Risk Items
Audit Method
- Execute the following command to verify that the file and group are owned by root:
stat -c %U:%G /usr/lib/systemd/system/docker.socket | grep -v root:root
- Execute the following command:
#> chown root:root /usr/lib/systemd/system/docker.socket
Impact
Default Value
- This file may not exist on the system. In this case, this recommendation does not apply. By default, if the file exists, the ownership and group ownership of this file will be correctly set to root.
References
CIS Controls