CIS IBM DB2 OS L1 v1.2.0

Audit Details

Name: CIS IBM DB2 OS L1 v1.2.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.25

Estimated Item Count: 32

File Details

Filename: CIS_v1.2.0_IBM_DB2_OS_Linux_Level_1.audit

Size: 32.1 kB

MD5: 402e8f394543f561a99b96dc5615ff95
SHA256: c50c0845b38f04c72c7f8cf66fe1c5f72bc95fd867682451f7faffa49cac44a8

Audit Items

DescriptionCategories
1.0.2 Use IP address rather than hostname - 'db2system = IP'

CONFIGURATION MANAGEMENT

1.0.3 Leverage a least privilege principle
1.0.4 Use non-standard account names - '!= dasusr1'

CONFIGURATION MANAGEMENT

1.0.4 Use non-standard account names - '!= db2admin'

CONFIGURATION MANAGEMENT

1.0.4 Use non-standard account names - '!= db2fenc1'

CONFIGURATION MANAGEMENT

1.0.4 Use non-standard account names - '!= db2inst1'

CONFIGURATION MANAGEMENT

2.0.1 Secure DB2 Runtime Library
2.0.2 Secure all database containers
2.0.3 Set umask value for DB2 admin user .profile file

ACCESS CONTROL

3.1.6 Secure permission of default database location
3.1.8 Secure all diagnostic logs - 'diagpath location'

AUDIT AND ACCOUNTABILITY

3.2.4 Establish secure archive log location - 'logarchmeth1 location'
3.2.5 Secure permission of the primary archive log location
3.2.6 Establish secure secondary archive location - 'logarchmeth2 location'
3.2.7 Secure permission of the secondary archive log location
3.2.8 Establish secure tertiary archive location - 'failarchpath location'
3.2.9 Secure permission of the tertiary archive location
3.2.10 Establish secure log mirror location - 'mirrorlogpath location'
3.3.1 Establish DAS administrative group - 'dasadm_group name'

ACCESS CONTROL

4.0.2 Review Security Rule Exemptions
4.0.3 Review Security Label Component
4.0.4 Review Security Label Policies
4.0.5 Review Security Labels
5.0.2 Protecting Backups
5.0.4 Schedule Runstat and Reorg
7.0.3 Establish system maintenance group - 'sysmaint_group users'

ACCESS CONTROL

7.0.4 Establish system monitoring group - 'sysmon_group users'

ACCESS CONTROL

8.0.1 Start and Stop DB2 Instance
9.0.1 Secure DB2 Control Center
9.0.2 Secure DB2 Configuration Assistant Utility
9.0.3 Secure DB2 Health Monitor Utility
9.0.4 DB2 Activity Monitor Utility