CIS IBM DB2 11 v1.0.0 Windows OS Level 1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IBM DB2 11 v1.0.0 Windows OS Level 1

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.3

Estimated Item Count: 69

File Details

Filename: CIS_IBM_DB2_11_v1.0.0_Level_1_OS_Windows.audit

Size: 135 kB

MD5: baacce800871665db2d6d3a2d546cc8e
SHA256: 7ace1acb8cb607cc07f648f9f7f794d8f8664bf57b414844c2894197025e0eb6

Audit Items

DescriptionCategories
3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH)
3.1.2 Secure Ppermissions for Default Database File Path (DFTDBPATH) - DFTDBPATH OS Permissions
3.1.2 Secure Ppermissions for Default Database File Path (DFTDBPATH) - DFTDBPATH Setting
3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL)
3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH)
3.1.5 Secure Permissions for Alternate Diagnostic Log Path (ALT_DIAGPATH)
3.1.6 Disable Client Discovery Requests (DISCOVER)
3.1.7 Disable Instance Discoverability (DISCOVER_INST)
3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS) - MAX_CONNECTIONS
3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS) - MAX_COORDAGENTS
3.1.9 Set Administrative Notification Level (NOTIFYLEVEL)
3.1.10 Secure the Java Development Kit Installation Path (JDK_PATH)
3.1.11 Secure the Python Runtime Path (PYTHON_PATH)
3.1.12 Secure the R Runtime Path (R_PATH)
3.1.13 Secure the Communication Buffer Exit Library (COMM_EXIT_LIST)
3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD)
3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE)
3.2.3 Disable Grants During Restore (DB2_RESTORE_GRANT_ADMIN_AUTHORITIES)
3.2.4 Enable Extended Security (DB2_EXTSECURITY)
3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP)
3.3.1 Secure Db2 Runtime Library
4.1.2 Set Failed Archive Retry Delay (ARCHRETRYDELAY)
4.1.3 Auto-restart After Abnormal Termination (AUTORESTART)
4.1.4 Disable Database Discovery (DISCOVER_DB)
4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1) - LOGARCHMETH1 OS Permissions
4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1) - LOGARCHMETH1 Setting
4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) - LOGARCHMETH2 OS Permissions
4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) - LOGARCHMETH2 Setting
4.1.7 Secure Permissions for the Tertiary Archive Log Location (FAILARCHPATH) - FAILARCHPATH OS Permissions
4.1.7 Secure Permissions for the Tertiary Archive Log Location (FAILARCHPATH) - FAILARCHPATH Setting
4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH) - MIRRORLOGPATH OS Permissions
4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH) - MIRRORLOGPATH Setting
4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH) - OVERFLOWLOGPATH OS Permissions
4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH) - OVERFLOWLOGPATH Setting
4.1.10 Establish Retention Set Size for Backups (NUM_DB_BACKUPS)
4.1.11 Set Archive Log Failover Retry Limit (NUMARCHRETRY)
4.1.12 Set Maximum Number of Applications (MAXAPPLS)
4.1.13 Ensure a Secure Connect Procedure is Used (CONNECT_PROC)
4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION)
4.1.15 Disable Database Discoverability (DISCOVER_DB)
5.1 Specify a Secure Connection Authentication Type (SRVCON_AUTH)
5.2 Specify a Secure Authentication Type (AUTHENTICATION)
5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENC
5.4 Database Manager Configuration Parameter: TRUST_ALLCLNTS
5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH
5.6 Database Manager Configuration Parameter: FED_NOAUTH
5.8 DB2_GRP_LOOKUP Registry Variable (Windows only)
5.9 DB2DOMAINLIST registry variable (Windows only)
5.10 DB2AUTH Registry Variable
5.11 DB2CHGPWD_EEE Registry Variable