Control: 3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive
Description
You should verify that if the daemon.json is present its file permissions are correctly set
to 644 or more restrictively.
The daemon.json file contains sensitive parameters that may alter the behavior of the
docker daemon. Therefore it should be writeable only by root to ensure it is not
modified by less privileged users.
Remediation
If the daemon.json file is present, you should execute the command below:
chmod 644 /etc/docker/daemon.json
This sets the file permissions for this file to 644.
Default Value
This file may not be present on the system, and in that case, this recommendation is not applicable.
Usage
Run the control in your terminal:
powerpipe control run docker_compliance.control.cis_v160_3_18Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run docker_compliance.control.cis_v160_3_18 --shareSQL
This control uses a named query:
exec_permissions_644_daemon_json