The Docker server certificate key file should be protected from. Docker Enterprise /etc/default/docker file ownership must be set to root:root. Verify that the Docker server certificate key file (the file that is passed along with -TLSkey parameter) has permissions of 400.
If any other user or process owns. Docker Enterprise server certificate key file permissions must be set to 400. The default UNIX socket hence must be owned by root. Verify that the Docker socket file is owned by root and group-owned by docker. Docker daemon runs as root. Hence, the. Docker Enterprise socket file ownership must be set to root:docker. Only root and members of docker group should be allowed to read and write to default Docker UNIX socket.
Verify that the Docker socket file has permissions of 660 or more restrictive. Hence, it. Docker Enterprise socket file permissions must be set to 660 or more restrictive. Verify that the daemon.json file ownership and group-ownership is correctly set to root. daemon.json file contains sensitive parameters that may alter the behavior of docker daemon. The Docker server certificate file should be protected. Docker Enterprise daemon.json file ownership must be set to root:root. Verify that the Docker server certificate file (the file that is passed along with -TLScert parameter) is owned and group-owned by root. Findings (MAC III - Administrative Sensitive) Finding ID Docker Enterprise server certificate file ownership must be set to root:root.