3.1.18 Reserve the desired port number or name for incoming SSL connections

Information

The ssl_svcename configuration parameter defines the name or number of the port the database server listens for incoming communications from remote client nodes using the SSL protocol. The ssl_svcename and svcename port numbers cannot be the same.
On Linux operating systems, the ssl_svcename file is located in: /etc/services

Consider using a non-default port to help protect the database from attacks directed to a default port.

Solution

Run the following command to set the ssl_svcename parameter value.
db2 => update dbm cfg using ssl_svcename <value> immediate or deferred
Default Value:
Null

See Also

https://workbench.cisecurity.org/files/1654

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: e37170e7a28a89372e1e0709014b749c7ee16bb5af370273e3ea31f7ced938d0