3.3.2 Secure the Database Container Directory

Information

A Db2 database container is the physical storage of the data.

Rationale:

The containers are needed for the database to operate properly. The loss of the containers can cause down time. Also, allowing excessive access to the containers may help an attacker to gain access to their contents. Therefore, secure the location(s) of the containers by restricting the access and ownership. Allow only the instance owner to have access to the tablespace containers.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

On Linux and AIX, set the privileges for the directory of the containers so that only the instance owner has full access, and all other users have no access.
On Windows, set the privileges for the directory of the containers and the container files so that only administrators, and if extended security is enabled members of the DB2ADMINS group, have full access, and all other users have no access.

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: IBM_DB2DB

Control ID: 20b6bef1e46dde592d81beaca456326609ff252f459ce97e0eea96f870623d18