8.2.3 Secure the Configuration File

Information

A configuration file, ekeystore.cfg, is created by the user in order to configure external keymanager functionality. This file should be secured against tampering via OS permissions.

Rationale:

Set this file to be readable and writeable by only the Db2 instance owner. If this file is not secured, an attacker may delete it, causing potential interruption of operations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Change the permissions for the file:

$ chmod 600 ekeystore.cfg

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: IBM_DB2DB

Control ID: 5d3fab5f4d48ea09cf46f99ab0c207ad15d65338beababb4abceaf095c65642e