CIS IBM DB2 11 v1.1.0 Linux OS Level 1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS IBM DB2 11 v1.1.0 Linux OS Level 1

Updated: 12/4/2025

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 61

File Details

Filename: CIS_IBM_DB2_11_v1.1.0_Level_1_OS_Linux.audit

Size: 109 kB

MD5: 7b3afb4fbac8458e36104f5837e82551
SHA256: d80325c66ffe444449b02791b59dfdd2c600e9c4f2560a77be3c1a7472d175ad

Audit Items

Description
3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH)
3.1.2 Secure Permissions for Default Database File Path (DFTDBPATH)
3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL)
3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH)
3.1.5 Secure Permissions for Alternate Diagnostic Log Path (ALT_DIAGPATH)
3.1.6 Disable Client Discovery Requests (DISCOVER)
3.1.7 Disable Instance Discoverability (DISCOVER_INST)
3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS)
3.1.9 Set Administrative Notification Level (NOTIFYLEVEL)
3.1.10 Secure the Java Development Kit Installation Path (JDK_PATH)
3.1.11 Secure the Python Runtime Path (PYTHON_PATH)
3.1.12 Secure the R Runtime Path (R_PATH)
3.1.13 Secure the Communication Buffer Exit Library (COMM_EXIT_LIST)
3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD)
3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE)
3.2.3 Disable Grants During Restore (DB2_RESTORE_GRANT_ADMIN_AUTHORITIES)
3.2.4 Enable Extended Security (DB2_EXTSECURITY)
3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP)
3.3.1 Secure Db2 Runtime Library
3.3.3 Set umask Value in the Db2 Instance Owner's .profile
4.1.2 Set Failed Archive Retry Delay (ARCHRETRYDELAY)
4.1.3 Auto-restart After Abnormal Termination (AUTORESTART)
4.1.4 Disable Database Discovery (DISCOVER_DB)
4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1)
4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2)
4.1.7 Secure Permissions for the Tertiary Archive Log Location (FAILARCHPATH)
4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH)
4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH)
4.1.10 Establish Retention Set Size for Backups (NUM_DB_BACKUPS)
4.1.11 Set Archive Log Failover Retry Limit (NUMARCHRETRY)
4.1.12 Set Maximum Number of Applications (MAXAPPLS)
4.1.13 Ensure a Secure Connect Procedure is Used (CONNECT_PROC)
4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION)
4.1.15 Disable Database Discoverability (DISCOVER_DB)
5.1 Specify a Secure Connection Authentication Type (SRVCON_AUTH)
5.2 Specify a Secure Authentication Type (AUTHENTICATION)
5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENC
5.4 Database Manager Configuration Parameter: TRUST_ALLCLNTS
5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH
5.6 Database Manager Configuration Parameter: FED_NOAUTH
5.10 DB2AUTH Registry Variable
5.11 DB2CHGPWD_EEE Registry Variable
6.1.1 Secure SYSADM Authority
6.1.2 Secure SYSCTRL Authority
6.1.3 Secure SYSMAINT Authority
6.1.4 Secure SYSMON Authority
7.1.1 Disable the Audit Buffer
7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)
7.1.4 Ensure Audit is Enabled Within the Instance
8.1.1 Configure a Server-side Key Store for TLS (SSL_SVR_KEYDB)