8.2.5 Backup the Stash File

Information

A stash file is an obfuscated file that contains the credentials that are needed to access the keystore. If a keystore password was not provided during db2start, the password will be retrieved from the stash file.

A stash file is created when the -stash option is used during the creation of the keystore.

Rationale:

Back up the stash file. If access to the stash file is lost and it cannot be re-created because knowledge of the password has been lost, you will not have access to the keystore file. This may result in the inability to decrypt the database or backup files.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Back up the stash file to a safe location.

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: CONTINGENCY PLANNING

References: 800-53|CP-9, 800-53|CP-10, CSCv7|10.2

Plugin: IBM_DB2DB

Control ID: 97d5b1c2d04eafaac4b6b4ae250039740af68dd0453e9c2599095765d7b20af3