Profile Applicability:

  • Level 1

Description:

The /etc/docker directory, which stores Docker configuration files, should be owned by the root user and the root group to prevent unauthorized access or modifications.

Rationale:

The Docker configuration directory contains files that control how the daemon runs. Because the daemon itself runs as root, anyone who can modify these files can influence a root process, which could lead to full system compromise. Restricting ownership to root:root ensures that only privileged users can change Docker's configuration.

Impact:

Pros:

  • Reduces the risk of unauthorized modifications to Docker configurations.

  • Enhances security by ensuring that only root can modify Docker's operational parameters.

Cons:

  • Requires regular audits to ensure that ownership remains correct.

Default Value:

By default, /etc/docker is created with root:root ownership when Docker is installed, so this check normally passes unless ownership has been changed afterwards.

Pre-requisites:

  • Docker installed and running.

  • Administrative privileges to modify directory ownership.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the EC2 instance running Docker (for example over SSH or with SSM Session Manager).

  2. Verify that the ownership of the /etc/docker directory is set to root:root:

    stat -c %U:%G /etc/docker

    The command must print root:root. Any other owner or group is a finding.

Using AWS CLI:

  1. Connect to the EC2 instance where Docker is running (for example with aws ssm start-session, or over SSH).

  2. Run the following command to check the ownership:

    stat -c %U:%G /etc/docker

    The output must be root:root.

Implementation Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Set the ownership of the /etc/docker directory to root:root (this changes the directory entry only, not the files beneath it, which have their own ownership requirements):

    sudo chown root:root /etc/docker

  3. No restart is required: the ownership change takes effect immediately and the daemon does not need to reread anything. If you do choose to restart Docker, note that running containers are stopped along with the daemon unless live-restore is enabled:

    sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM Run Command to change the ownership and restart Docker (replace instance_id with the ID of the target instance; AWS-RunShellScript already executes as root, so the sudo prefixes are harmless but unnecessary):

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo chown root:root /etc/docker && sudo systemctl restart docker"]'

Backout Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Revert the ownership of the /etc/docker directory to the user and group recorded before the change (the stat -c %U:%G /etc/docker output captured during the test plan):

    sudo chown <previous-owner>:<previous-group> /etc/docker

  3. Restart Docker:

    sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM to revert the ownership and restart Docker:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo chown <previous-owner>:<previous-group> /etc/docker && sudo systemctl restart docker"]'
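As an added example (not part of this benchmark page and not Docker's own tooling), the following POSIX shell script folds the test, implementation and backout steps above into reusable functions: it checks the directory owner, lists anything beneath the directory that is not root-owned (chown on the directory alone is not recursive), and applies chown only when needed while printing the previous owner for the backout record. It assumes a Linux host with GNU coreutils (stat -c and find -user/-group); the function names and the directory argument are this example's own, and remediation must run as root.

```shell
#!/bin/sh
# Added example, not part of the benchmark text: audit and remediate the
# ownership of the Docker configuration directory on a Linux host.
# Assumes GNU coreutils (stat -c, find -user/-group); remediation needs root.

# get_owner DIR: print the owner as user:group (e.g. root:root).
get_owner() {
    stat -c '%U:%G' "$1"
}

# check_owner DIR [EXPECTED]: 0 if DIR is owned by EXPECTED (default root:root),
# 1 if owned by someone else, 2 if DIR is missing. Prints what it saw so the
# value can be kept as the record needed for the backout plan.
check_owner() {
    dir=$1
    expected=${2:-root:root}
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi
    actual=$(get_owner "$dir")
    echo "$dir owner=$actual expected=$expected"
    [ "$actual" = "$expected" ]
}

# audit_tree DIR [USER] [GROUP]: list entries under DIR (DIR itself included)
# whose owner is not USER or whose group is not GROUP. chown on the directory
# is not recursive, so a correctly owned directory can still hold files owned
# by someone else; an empty listing means the whole tree is clean.
audit_tree() {
    dir=$1
    user=${2:-root}
    group=${3:-root}
    find "$dir" \( ! -user "$user" -o ! -group "$group" \)
}

# remediate_owner DIR [EXPECTED]: apply chown only when needed and print the
# previous owner so the operator can revert it. No daemon restart is issued:
# ownership changes are effective immediately.
remediate_owner() {
    dir=$1
    expected=${2:-root:root}
    previous=$(get_owner "$dir") || return 2
    if [ "$previous" = "$expected" ]; then
        echo "$dir already owned by $expected, nothing to do"
        return 0
    fi
    echo "backout: chown $previous $dir"
    chown "$expected" "$dir" || return 1
    check_owner "$dir" "$expected"
}

# Run the checks when invoked directly with a directory argument, e.g.
#   sudo sh docker-dir-owner.sh /etc/docker
if [ $# -eq 1 ]; then
    check_owner "$1" || remediate_owner "$1"
    audit_tree "$1"
fi
```

Run it as root against /etc/docker on the instance (or through AWS-RunShellScript, which already runs as root). The "backout:" line it prints is the exact chown needed to reverse the change, so capture the command output in your change record.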

References: