4.1.15 Disable Database Discoverability (DISCOVER_DB)

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The DISCOVER_DB parameter specifies whether the database can be discovered in the network. It is recommended that databases not be discoverable.

Rationale:

Discovery capabilities may be used by a malicious entity to derive the names of and target Db2 databases.

Solution

Connect to the Db2 database.

db2 => connect to <dbname>

Run the following command:

db2 => update database configuration using discover_db disable

See Also

https://workbench.cisecurity.org/files/4033