Profile Applicability:

  • Level 1

Description:

The /etc/docker directory contains configuration files that are essential for Docker's operation. It is important to ensure that this directory has appropriate permissions to prevent unauthorized access or modifications, which could compromise Docker's security.

Rationale:

Setting the correct file permissions on the /etc/docker directory ensures that only authorized users (typically root) can access or modify Docker's configuration files. Improper permissions could allow unauthorized users to alter Docker's behavior or gain access to sensitive information.

Impact:

Pros:

  • Prevents unauthorized modifications to Docker configuration files, ensuring Docker’s integrity.

  • Enhances system security by limiting access to Docker’s operational settings.

Cons:

  • Misconfiguring permissions could lead to the inability of Docker or users to read or modify the configuration files.

Default Value:

The default permissions for /etc/docker are usually 755 (drwxr-xr-x), which gives the owner (root) full control and lets other users read and traverse the directory but not modify it.

Pre-requisites:

  • Administrative privileges on the Docker host system.

  • Basic understanding of Linux file permissions.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the EC2 instance running Docker.

  2. Verify the permissions and ownership of the /etc/docker directory (expected: mode 755, owner root:root):

    ls -ld /etc/docker

Using AWS CLI:

  1. Connect to the EC2 instance where Docker is running.

  2. Run the following command to check the permissions of the /etc/docker directory:

    ls -ld /etc/docker
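Reading `ls -ld` output by eye does not scale across many hosts. The script below is an added example (not part of the benchmark text) that evaluates the same check programmatically: it passes when the directory is owned by root:root and has no group/other write bit, so it also accepts stricter modes such as 750 and setgid variants like 2755. It assumes GNU coreutils `stat` on Linux; the function names are this example's own.

```shell
#!/bin/sh
# Added audit helper for the check above: verify that a Docker configuration
# directory (default /etc/docker) is owned by root:root and has no group/other
# write bits, i.e. mode 755 or more restrictive. Not part of the benchmark text.
# Assumes GNU coreutils `stat` (Linux); the helper names are this example's own.

# mode_is_restrictive DIR -> 0 if neither group nor other has the write bit.
mode_is_restrictive() {
    mode=$(stat -c '%a' "$1") || return 1      # e.g. 755, or 2755 with setgid
    grp=$(( (mode / 10) % 10 ))                 # group digit (second from the end)
    oth=$(( mode % 10 ))                        # other digit (last)
    [ $(( grp & 2 )) -eq 0 ] && [ $(( oth & 2 )) -eq 0 ]
}

# owner_matches DIR [USER:GROUP] -> 0 if ownership equals the expected pair.
owner_matches() {
    actual=$(stat -c '%U:%G' "$1") || return 1
    [ "$actual" = "${2:-root:root}" ]
}

# audit_docker_dir DIR [USER:GROUP] -> one PASS/FAIL line per check; returns 0
# only when the directory exists and both checks pass.
audit_docker_dir() {
    dir="$1"; expected="${2:-root:root}"; rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    if mode_is_restrictive "$dir"; then
        echo "PASS: $dir mode $(stat -c '%a' "$dir") is 755 or stricter"
    else
        echo "FAIL: $dir mode $(stat -c '%a' "$dir") is writable by group or other"
        rc=1
    fi
    if owner_matches "$dir" "$expected"; then
        echo "PASS: $dir is owned by $expected"
    else
        echo "FAIL: $dir is owned by $(stat -c '%U:%G' "$dir"), expected $expected"
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh audit_docker_dir.sh [DIR]; defaults to /etc/docker.
if audit_docker_dir "${1:-/etc/docker}"; then
    echo "RESULT: compliant"
else
    echo "RESULT: remediate with chmod 755 and chown root:root (see Implementation Plan)"
fi
```

The optional second argument lets the same script check directories that are intentionally owned by a service account, while the default enforces the root:root requirement from this page.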

Implementation Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Set the correct permissions for the /etc/docker directory:

    sudo chmod 755 /etc/docker

  3. Ensure that the directory is owned by root:

    sudo chown root:root /etc/docker

Using AWS CLI:

  1. Use SSM to modify the permissions and ownership of the /etc/docker directory:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo chmod 755 /etc/docker && sudo chown root:root /etc/docker"]'

Backout Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Revert the permissions to the default settings if necessary:

    sudo chmod 755 /etc/docker
    sudo chown root:root /etc/docker

Using AWS CLI:

  1. Use SSM to revert the permissions and ownership to the default settings:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo chmod 755 /etc/docker && sudo chown root:root /etc/docker"]'

References: