2.1 Ensure that authentication is enabled for MongoDB databases

Information

This setting ensures that all clients, users, and/or servers are required to authenticate prior to being granted access to the MongoDB database.
Rationale:
Failure to authenticate clients, users, and/or servers can enable unauthorized access to the MongoDB database and can prevent tracing actions back to their sources.

Solution

The authentication mechanism should be implemented before anyone accesses the MongoDB Server.
To enable the authentication mechanism:
Start the MongoDB instance without authentication.
mongod --port 27017 --dbpath /data/db1]
Create the system user administrator, ensuring that its password meets organizationally-defined password complexity requirements.
use admin
db.createUser(
{
user: 'siteUserAdmin',
pwd: 'password',
roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ]
}
)
Restart the MongoDB instance with authentication enabled.
mongod --auth --config /etc/mongod.conf
Default Value:
Not configured

See Also

https://workbench.cisecurity.org/files/1705

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CSCv6|16

Plugin: Windows

Control ID: 4815d8e4bbd027af474e5dfc30b82e78f71f989a3b003a155ec7a2c42f590df7