2.1 Ensure Authentication is configured | IDENTIFICATION AND AUTHENTICATION |
2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | IDENTIFICATION AND AUTHENTICATION |
3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
3.3 Ensure that MongoDB is run using a Least Privileges, dedicated service account | ACCESS CONTROL |
4.1 Ensure Encryption of Data in Transit TLS/SSL (Transport Encryption) | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.1 Ensure that system activity is audited | AUDIT AND ACCOUNTABILITY |
5.2 Ensure that audit filters are configured properly | AUDIT AND ACCOUNTABILITY |
5.3 Ensure that logging captures as much information as possible | AUDIT AND ACCOUNTABILITY |
5.4 Ensure that new entries are appended to the end of the log file | AUDIT AND ACCOUNTABILITY |
6.1 Ensure that MongoDB uses a non-default port | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure authentication file permissions are set correctly | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
7.2 Ensure that database file permissions are set correctly | ACCESS CONTROL, MEDIA PROTECTION |
CIS_MongoDB_3.6_Benchmark_Level_1_OS_Unix_v1.1.0.audit from CIS MongoDB 3.6 Benchmark | |