2.2 Ensure that MongoDB does not bypass authentication via the localhost exception

Information

MongoDB should not be set to bypass authentication via the localhost exception. The localhost exception allows you to enable authorization before creating the first user in the system.

Note: This recommendationonlyapplies when there are no users created in the MongoDB instance.

Rationale:

Disabling this exception will prevent unauthorized local access to the MongoDB database. It will also ensuretraceabilityof each database activity to a specific user.

Solution

SinceenableLocalhostAuthBypass is not available using the setParameter database command, use the setParameter option in the configuration file to set it to false.

setParameter:

enableLocalhostAuthBypass: false

Default Value:

Not configured

See Also

https://workbench.cisecurity.org/files/168

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 34c1cc271125f4ea45a375bffb49e475ff34880e444a9c287dbcdfe95fab06ab