TNS MongoDB 2.4 Best Practices Linux OS Audit v1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: TNS MongoDB 2.4 Best Practices Linux OS Audit v1.0

Updated: 1/13/2020

Authority: TNS

Plugin: Unix

Revision: 1.18

Estimated Item Count: 31

Audit Items

Description / Categories

Audit System Activity - 'verbose = true'

AUDIT AND ACCOUNTABILITY

Audit System Activity - config - 'diaglog != 0'

AUDIT AND ACCOUNTABILITY

Audit System Activity - config - 'logappend = true'

AUDIT AND ACCOUNTABILITY

Audit System Activity - config - 'logpath'

AUDIT AND ACCOUNTABILITY

Audit System Activity - config - 'setParameter logLevel=1'

AUDIT AND ACCOUNTABILITY

Audit System Activity - config - 'setParameter logUserIds = 1'

AUDIT AND ACCOUNTABILITY

Audit System Activity - config - 'syslog = true'

AUDIT AND ACCOUNTABILITY

Authenticate Communication - config - 'keyFile'

IDENTIFICATION AND AUTHENTICATION

Encrypt and Protect Data - config - 'quota = true'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt and Protect Data - config - 'quotaFiles'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt Communication - config - 'sslCAFile'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt Communication - config - 'sslCRLFile'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt Communication - config - 'sslFIPSMode = true'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt Communication - config - 'sslOnNormalPorts'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt Communication - config - 'sslPEMKeyFile'

SYSTEM AND COMMUNICATIONS PROTECTION

Encrypt Communication - config - 'sslWeakCertificateValidation = false'

SYSTEM AND COMMUNICATIONS PROTECTION

Limit Network Exposure - 'ipv6 = false'

CONFIGURATION MANAGEMENT

Limit Network Exposure - 'jsonp = false'

CONFIGURATION MANAGEMENT

Limit Network Exposure - 'nohttpinterface = true'

CONFIGURATION MANAGEMENT

Limit Network Exposure - 'REST interface is disabled'

Require Authentication - config - 'auth = true'

IDENTIFICATION AND AUTHENTICATION

Require Authentication - config - 'noauth does not exist'

IDENTIFICATION AND AUTHENTICATION

Require Authentication - config - 'setParameter enableTestCommands != 1'

CONFIGURATION MANAGEMENT

Run MongoDB with a Dedicated User - 'MONGO_GROUP'

ACCESS CONTROL

Run MongoDB with a Dedicated User - 'MONGO_USER'

ACCESS CONTROL

Run MongoDB with Secure Configuration Options - 'quiet'

Run MongoDB with Secure Configuration Options - config - 'bind_ip is configured'

CONFIGURATION MANAGEMENT

Run MongoDB with Secure Configuration Options - config - 'maxConns'

ACCESS CONTROL

Run MongoDB with Secure Configuration Options - config - 'port != 27017'

CONFIGURATION MANAGEMENT

Run MongoDB with Secure Configuration Options - config - 'setParameter enableLocalhostAuthBypass = 0'

CONFIGURATION MANAGEMENT

TNS_MongoDB_2_4_Best_Practices_v1.0-OS-Linux.audit