CIS IBM DB2 v10 v1.1.0 Linux OS Level 2

Audit Details

Name: CIS IBM DB2 v10 v1.1.0 Linux OS Level 2

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.10

Estimated Item Count: 55

File Details

Filename: CIS_IBM_DB2_10_v1.1.0_Level_2_OS_Linux.audit

Size: 79.4 kB

MD5: 74916189ca9712d801cf35e0a9bdb6e1
SHA256: 7dbe48120beffa8381284928fb01149c2e5aaf9a40bdbb7316e156c541284f65

Audit Items

Description / Categories
1.2 Use IP address rather than hostname

CONFIGURATION MANAGEMENT

1.4 Use non-default account names

ACCESS CONTROL

1.5 Configure DB2 to use non-standard ports - Port 523

CONFIGURATION MANAGEMENT

1.5 Configure DB2 to use non-standard ports - Port 50000

CONFIGURATION MANAGEMENT

2.1 Secure DB2 Runtime Library
2.2 Secure the database container directory
2.3 Set umask value for DB2 admin user .profile file

ACCESS CONTROL

3.1.1 Enable audit buffer

AUDIT AND ACCOUNTABILITY

3.1.2 Encrypt user data across the network

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3 Require explicit authorization for cataloging

ACCESS CONTROL

3.1.4 Disable datalinks support
3.1.5 Secure permissions for default database file path (Scored)
3.1.6 Set diagnostic logging to capture errors and warnings

AUDIT AND ACCOUNTABILITY

3.1.7 Secure permissions for all diagnostic logs
3.1.8 Require instance name for discovery requests

CONFIGURATION MANAGEMENT

3.1.9 Disable instance discoverability

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.10 Authenticate federated users at the instance level

ACCESS CONTROL

3.1.11 Set maximum connection limits - MAX_CONNECTIONS

ACCESS CONTROL

3.1.11 Set maximum connection limits - MAX_COORDAGENTS

ACCESS CONTROL

3.1.11 Set maximum connection limits - MAXAPPLS

ACCESS CONTROL

3.1.12 Set administrative notification level

AUDIT AND ACCOUNTABILITY

3.1.13 Enable server-based authentication

IDENTIFICATION AND AUTHENTICATION

3.1.14 Set failed archive retry delay

CONFIGURATION MANAGEMENT

3.1.15 Auto-restart after abnormal termination

CONFIGURATION MANAGEMENT

3.1.16 Disable database discovery

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions
3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 Setting

AUDIT AND ACCOUNTABILITY

3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS Permission
3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 Setting

AUDIT AND ACCOUNTABILITY

3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting

AUDIT AND ACCOUNTABILITY

3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH OS Permission
3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting

AUDIT AND ACCOUNTABILITY

3.1.21 Establish retention set size for backups

CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY

3.1.22 Set archive log failover retry limit

CONFIGURATION MANAGEMENT

4.1 Review Organization's Policies against DB2 RCAC Policies
4.3 Review Users, Groups, and Roles - Groups list

ACCESS CONTROL

4.3 Review Users, Groups, and Roles - Users list

ACCESS CONTROL

5.1 Enable Backup Redundancy
5.2 Protecting Backups
5.3 Enable Automatic Database Maintenance

CONFIGURATION MANAGEMENT

7.1 Secure SYSADM authority - SYSADM Group

ACCESS CONTROL

7.1 Secure SYSADM authority - SYSADM Group Members

ACCESS CONTROL

7.2 Secure SYSCTRL authority - SYSCTRL Group

ACCESS CONTROL

7.2 Secure SYSCTRL authority - SYSCTRL Group Members

ACCESS CONTROL

7.3 Secure SYSMAINT Authority

ACCESS CONTROL

7.4 Secure SYSMON Authority

ACCESS CONTROL

9.1 Start and Stop DB2 Instance
9.4 Remove Default Databases

CONFIGURATION MANAGEMENT

9.5 Enable SSL communication with LDAP server

IDENTIFICATION AND AUTHENTICATION