7.12 Secure BINDADD Authority

Information

The BINDADD (bind application) role grants the authority to a user to create packages on a specific database. It is recommended that the BINDADD role be granted to authorized users only.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Revoke this permission from any unauthorized users.
1. Connect to the DB2 database.
db2 => connect to $DB2DATABASE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window-
db2 => REVOKE BINDADD ON DATABASE FROM USER <username>

See Also

https://workbench.cisecurity.org/files/162