7.1 Secure SYSADM authority - SYSADM Group Members

Information

The sysadm_group parameter defines the system administrator group (SYSADM) authority. It is recommended that the sysadm_group group contains authorized users only.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Define a valid group name for the SYSADM group.
1. Attach to the DB2 instance.
db2 => attach to $DB2INSTANCE
2. Run the following command from the DB2 command window-
db2 => update database manager configuration using sysadm_group <sys adm group name>

See Also

https://workbench.cisecurity.org/files/162

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(5), CSCv6|5.1

Plugin: Unix

Control ID: a92a50bdc36c60d2d3f743194bbef88d2cc96698831e54401a4805c90a49e163