Profile Applicability:

  • Level 2

Description:

The /etc/default/docker file contains configuration parameters used by the Docker daemon. It is important to ensure that this file is owned by root:root to prevent unauthorized access and modification.

Rationale:

The /etc/default/docker file is critical for Docker’s configuration. Unauthorized changes to this file could affect Docker’s functionality and security. Ensuring that it is owned by root:root restricts the ability to modify this file to authorized users only, minimizing the risk of unauthorized configuration changes.

Impact:

Pros:

  • Prevents unauthorized access to and modification of Docker’s configuration file, ensuring that only root users can change Docker's behavior.

  • Enhances the overall security of the Docker environment.

Cons:

  • Requires regular checks to ensure ownership is maintained, especially after updates or changes to the system.

Default Value:

By default, the /etc/default/docker file is owned by root:root. However, ownership could be changed during administrative actions or unauthorized access.

Pre-requisites:

  • Administrative privileges on the Docker host system.

  • Access to the file system to inspect and modify ownership.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the EC2 instance running Docker.

  2. Verify the ownership of the /etc/default/docker file:

    ls -l /etc/default/docker

Using AWS CLI:

  1. Connect to the EC2 instance where Docker is running.

  2. Run the following command to verify the ownership of the /etc/default/docker file:

    ls -l /etc/default/docker

Implementation Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Set the ownership of the /etc/default/docker file to root:root:

    sudo chown root:root /etc/default/docker

  3. Restart Docker to ensure the changes take effect:

    sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM to modify the ownership of the /etc/default/docker file and restart Docker:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo chown root:root /etc/default/docker && sudo systemctl restart docker"]'
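The audit in the Test Plan and the fix in the Implementation Plan can be scripted so that the restart step is only taken when ownership actually changed. The helper below is an added example, not part of this benchmark text; it is parameterised on path and expected owner so it also serves other daemon configuration files, assumes GNU coreutils `stat -c` (Linux), and treats an absent `/etc/default/docker` as a skip rather than a failure, since systemd-based Docker installs may not ship that file.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit and remediate file ownership.
# Assumes GNU `stat -c`; on BSD/macOS the equivalent is `stat -f '%Su:%Sg'`.

# check_owner FILE USER GROUP
# Prints PASS/FAIL/SKIP and returns 0 (compliant), 1 (wrong owner), 2 (absent).
check_owner() {
    local file="$1" want_user="$2" want_group="$3" have
    if [ ! -e "$file" ]; then
        echo "SKIP $file: not present (not an ownership finding)"
        return 2
    fi
    have=$(stat -c '%U:%G' "$file")
    if [ "$have" = "$want_user:$want_group" ]; then
        echo "PASS $file is owned by $have"
        return 0
    fi
    echo "FAIL $file is owned by $have, expected $want_user:$want_group"
    return 1
}

# fix_owner FILE USER GROUP
# Changes ownership only when check_owner fails, so a caller can restart the
# daemon only when something was actually modified. Same return codes.
fix_owner() {
    local file="$1" want_user="$2" want_group="$3"
    if check_owner "$file" "$want_user" "$want_group" >/dev/null; then
        return 0    # already compliant, nothing to change
    fi
    [ -e "$file" ] || return 2
    chown "$want_user:$want_group" "$file" || return 1
    echo "FIXED $file -> $want_user:$want_group"
}

# Entry point when run directly: `sh docker-owner-check.sh audit|fix`.
case "${1:-}" in
    audit) check_owner /etc/default/docker root root ;;
    fix)   fix_owner   /etc/default/docker root root && systemctl restart docker ;;
esac
```

Run `audit` from a scheduled job to catch the drift the Cons section warns about; `fix` requires root and restarts the daemon only after a successful chown.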

Backout Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Revert the ownership of the /etc/default/docker file if necessary:

    sudo chown <previous-owner>:<previous-group> /etc/default/docker

  3. Restart Docker to apply the changes:

    sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM to revert the ownership and restart Docker:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo chown <previous-owner>:<previous-group> /etc/default/docker && sudo systemctl restart docker"]'

References: