Control: 3.1 Ensure that the docker.service file ownership is set to root:root
Description
You should verify that the docker.service file ownership and group ownership are correctly set to root.
The docker.service file contains sensitive parameters that may alter the behavior of the Docker daemon. It should therefore be individually and group owned by the root user in order to ensure that it is not modified or corrupted by a less privileged user.
Remediation
Step 1: Find out the file location:
systemctl show -p FragmentPath docker.service
Step 2: If the file does not exist, this recommendation is not applicable. If the file does
exist, you should execute the command below, including the correct file path, in order to
set the ownership and group ownership for the file to root. For example,
chown root:root /usr/lib/systemd/system/docker.service
Default Value
This file may not be present on the system and if it is not, this recommendation is not
applicable. By default, if the file is present, the correct permissions are for the ownership
and group ownership to be set to root.
Usage
Run the control in your terminal:
powerpipe control run docker_compliance.control.cis_v160_3_1Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run docker_compliance.control.cis_v160_3_1 --shareSQL
This control uses a named query:
exec_ownership_root_root_docker_service