4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION)

Information

The EXTBL_LOCATION database configuration parameter provides an allow list of paths that external tables may access for local files, for both reading and writing. It is recommended that this value be set to appropriate paths with the understanding that confidential data may reside in this directory. Specifying appropriate paths is part of an organizations standard operating procedures (SOP).

Rationale:

External tables can read and write data to the paths configured within the EXTBL_LOCATION configuration parameter. To avoid a loss of confidentiality of the data which may be reside in these paths, they should be examined to ensure they match the values specified by the SOP.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To specify an external table location, perform the following commands:

Connect to the Db2 database

db2 => connect to <dbname>

Run the following command:

db2 => update database configuration using extbl_location <paths>

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Windows

Control ID: 74e8561cc9231831de8d5ca3e5b12014a8fb423007e7c8997602b686e6d1e2c8