STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

V-235857

CAT I (High)

Docker Enterprise registry certificate file ownership must be set to root:root.

Rule ID

SV-235857r961863_rule

STIG

Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000366

Discussion

Verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) are owned and group-owned by root. /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must be owned and group-owned by root to maintain the integrity of the certificates. By default, the ownership and group-ownership for registry certificate files is correctly set to root.

Check Content

Ensure that registry certificate file ownership is set to root:root.

Execute the below command to verify that the registry certificate files are owned and group-owned by root:

stat -c %U:%G /etc/docker/certs.d/*

If the certificate files are not owned by root, this is a finding.

Fix Text

Set the ownership and group-ownership for the registry certificate files to root.

Run the following command:
chown root:root /etc/docker/certs.d/<registry-name>/*