7.1 Ensure appropriate key file permissions are set

Information

In the Shared Cluster, the certificate or keyfile is utilized for authentications. Implementing proper file permissions on the certificate or keyfile will prevent unauthorized access to it.

Protecting the certificate/keyfile strengthens authentication in the sharded cluster and prevents unauthorized access to the MongoDB database.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Set the keyFile ownership to mongodb user and remove other permissions by executing these commands:

chmod 600 /keyfile
sudo chown mongodb:mongodb /keyfile

See Also

https://workbench.cisecurity.org/benchmarks/15675

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, 800-53|IA-5(1), CSCv6|16.14, CSCv7|16.4

Plugin: Windows

Control ID: 635cd683ef4d22df5add157a7b340a6d2441c2d7fe5e085fa531a3680cd92a36