1.3 Leverage the least privilege principle

Information

The DB2 database instance executes under the context of a given security principal. It is recommended that this service have the least privileges possible. Furthermore, it is advisable to run the DB2 service as the DB2 instance owner and to monitor such accounts for unauthorized access to sensitive data.

Leveraging a least privilege account for the DB2 service will reduce an attacker's ability to compromise the host operating system should the DB2 service process become compromised.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Ensure that all accounts are granted only the absolute minimum privileges required to perform their tasks.

See Also

https://workbench.cisecurity.org/files/1654