turbot/docker_compliance
GitHub
Loading controls...

Control: 3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive

Description

You should verify that if the daemon.json is present its file permissions are correctly set to 644 or more restrictively.

The daemon.json file contains sensitive parameters that may alter the behavior of the docker daemon. Therefore it should be writeable only by root to ensure it is not modified by less privileged users.

Remediation

If the daemon.json file is present, you should execute the command below:

chmod 644 /etc/docker/daemon.json

This sets the file permissions for this file to 644.

Default Value

This file may not be present on the system, and in that case, this recommendation is not applicable.

Usage

Run the control in your terminal:

steampipe check docker_compliance.control.cis_v160_3_18

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share docker_compliance.control.cis_v160_3_18

SQL

This control uses a named query:

exec_permissions_644_daemon_json

Tags