8.8 Secure the permissions of the SSLconfig.ini file

Information

The SSLconfig.ini file contains the SSL configuration parameters for the DB2 instance, including the password for KeyStore.

The recommended value is read-only (RO) for Everyone/Other/Users/Domain Users. This ensures that the parameter file is protected.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

For Windows:
1. Connect to the DB2 host
2. Right-click the file directory
3. Choose Properties
4. Select the Security tab
5. Select all non-administrator accounts and revoke the Full Control authority
For Linux:
1. Connect to the DB2 host
2. Change to the file directory
3. Change the permission level of the directory
OS => chmod -R 740
Default Value:
The default value for this directory is read-and-write access to non-administrator accounts.
Notes:
The file is located under INSTANCE_HOME/cfg/ on Unix and %INSTHOME\ on MS Windows. Only the instance owner should have access to this file.
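
An added example for the Linux steps above (not part of the CIS benchmark or the Nessus audit): a shell check that reports whether SSLconfig.ini or its cfg directory is writable by group or other. The function names and the instance-home argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit SSLconfig.ini permissions on Linux/Unix.
# Assumption: the DB2 instance home (INSTANCE_HOME on this page) is passed
# as the first argument; file_mode and audit_sslconfig are hypothetical names.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_sslconfig INSTANCE_HOME
# Returns 0 when neither cfg/ nor cfg/SSLconfig.ini is writable by group
# or other, 1 when either one is, and 2 when the file does not exist.
audit_sslconfig() {
    cfg="$1/cfg"
    f="$cfg/SSLconfig.ini"
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 2
    fi
    rc=0
    for p in "$cfg" "$f"; do
        mode=$(file_mode "$p")
        # 022 masks the group-write and other-write bits; the leading 0
        # makes the shell read the mode as an octal constant.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $p mode=$mode (writable by group or other)"
            rc=1
        else
            echo "PASS $p mode=$mode"
        fi
    done
    return $rc
}

# Usage: audit_sslconfig "$INSTANCE_HOME"
```

A FAIL line identifies the path to correct with the chmod step above; rerun the check afterwards to confirm the result.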

See Also

https://workbench.cisecurity.org/files/1654