0308-docker-env-ownership: Docker Environment File Ownership Not Set to root:root
Rule ID
- 0308-docker-env-ownership
Category
Level
Compatible Versions
Description
- The Docker daemon reads an environment file that sets its runtime environment (for example, daemon options passed in by the service definition). The file's location follows the distribution's convention rather than the init system: on RHEL-family systems it is /etc/sysconfig/docker, on Debian-family systems (including those that manage services with systemd) it is /etc/default/docker. Verify that the user and group ownership of whichever environment file is present are set to root:root.
Scan Frequency
Theoretical Basis
- The Docker environment file contains parameters that change the behavior of the Docker daemon at runtime, so anyone who can write to it can alter how the daemon starts. It should therefore be owned by user root and group root so that only root controls the file and its integrity is maintained. Ownership alone is not sufficient: the file's permission bits must also restrict writes to the owner, which is covered by a separate check.
Risk Items
Audit Method
- Execute the following command to verify that the environment file is owned by user root and group root (substitute /etc/default/docker on Debian-family systems):
stat -c %U:%G /etc/sysconfig/docker | grep -v root:root
The above command should not return any output. Note that it also prints nothing when the file does not exist (stat only writes an error to stderr), so confirm the file is present before treating empty output as a pass; when scripting the check, remember that grep -v exits with status 1 when it prints nothing.
- To remediate, execute the following command as root (again substituting /etc/default/docker where that is the file in use):
#> chown root:root /etc/sysconfig/docker
This sets the user and group ownership of the environment file to root.
Impact
Default Values
- By default, the user and group ownership of this file are set to root:root by the package that installs it.
References
CIS Controls