6.1.2 Secure SYSCTRL Authority

Information

The sysctrl_group parameter defines the system administrator group with system control (SYSCTRL) authority. It is recommended that the sysctrl_group group contains authorized users only.

Rationale:

If an account that possesses this authority is compromised or used in a malicious manner, the confidentiality, integrity, and availability of data in the Db2 instance will be at increased risk.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Define a valid group name for the SYSCTRL group.

Attach to the Db2 instance.

db2 => attach to <db2instance>

Run the following command:

db2 => update dbm cfg using sysctrl_group <sys control group name>

Default Value:

The default value for sysctrl_group is NULL.

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 86bb2f52e16abe4ef33225c0c848a9922346b2c8c94086364d33afb5bee7f66f