CIS IBM DB2 v10 v1.1.0 Linux OS Level 1

Audit Details

Name: CIS IBM DB2 v10 v1.1.0 Linux OS Level 1

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 49

File Details

Filename: CIS_IBM_DB2_10_v1.1.0_Level_1_OS_Linux.audit

Size: 67.8 kB

MD5: caad570e2c56a6e36647d9cdf155e2ae
SHA256: 014f6d60a562a4ac222300d22ddcf01e6ade6cf01e4de81b21f5d05f3521f8e8

Audit Items

DescriptionCategories
1.2 Use IP address rather than hostname

CONFIGURATION MANAGEMENT

1.4 Use non-default account names
1.5 Configure DB2 to use non-standard ports - Port 523

CONFIGURATION MANAGEMENT

1.5 Configure DB2 to use non-standard ports - Port 50000

CONFIGURATION MANAGEMENT

2.1 Secure DB2 Runtime Library
2.2 Secure the database container directory
2.3 Set umask value for DB2 admin user .profile file

ACCESS CONTROL

3.1.1 Enable audit buffer

AUDIT AND ACCOUNTABILITY

3.1.2 Encrypt user data across the network

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3 Require explicit authorization for cataloging

ACCESS CONTROL

3.1.4 Disable datalinks support
3.1.5 Secure permissions for default database file path
3.1.6 Set diagnostic logging to capture errors and warnings

AUDIT AND ACCOUNTABILITY

3.1.7 Secure permissions for all diagnostic logs
3.1.8 Require instance name for discovery requests

CONFIGURATION MANAGEMENT

3.1.9 Disable instance discoverability

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.10 Authenticate federated users at the instance level

ACCESS CONTROL

3.1.11 Set maximum connection limits - MAX_CONNECTIONS

ACCESS CONTROL

3.1.11 Set maximum connection limits - MAX_COORDAGENTS

ACCESS CONTROL

3.1.11 Set maximum connection limits - MAXAPPLS

ACCESS CONTROL

3.1.12 Set administrative notification level

AUDIT AND ACCOUNTABILITY

3.1.13 Enable server-based authentication

IDENTIFICATION AND AUTHENTICATION

3.1.14 Set failed archive retry delay

CONFIGURATION MANAGEMENT

3.1.15 Auto-restart after abnormal termination

CONFIGURATION MANAGEMENT

3.1.16 Disable database discovery

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions
3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 Setting

AUDIT AND ACCOUNTABILITY

3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS Permission
3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 Setting

AUDIT AND ACCOUNTABILITY

3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting

AUDIT AND ACCOUNTABILITY

3.1.20 Secure permissions for the log mirror location - MIRROLOGPATH OS Permission
3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting

AUDIT AND ACCOUNTABILITY

3.1.21 Establish retention set size for backups

CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY

3.1.22 Set archive log failover retry limit

CONFIGURATION MANAGEMENT

4.3 Review Users, Groups, and Roles - Groups list

ACCESS CONTROL

4.3 Review Users, Groups, and Roles - Users list

ACCESS CONTROL

5.1 Enable Backup Redundancy
5.2 Protecting Backups
5.3 Enable Automatic Database Maintenance

CONFIGURATION MANAGEMENT

7.3 Secure SYSMAINT Authority

ACCESS CONTROL

7.4 Secure SYSMON Authority

ACCESS CONTROL

9.1 Start and Stop DB2 Instance
9.4 Remove Default Databases

CONFIGURATION MANAGEMENT

9.5 Enable SSL communication with LDAP server

IDENTIFICATION AND AUTHENTICATION

9.6 Secure the permission of the IBMLDAPSecurity.ini file
9.7 Secure the permission of the SSLconfig.ini file
9.9 Secure plug-in library locations

CONFIGURATION MANAGEMENT

9.11 Ensure permissions on communication exit library locations