CIS IBM DB2 OS L2 v1.2.0

Audit Details

Name: CIS IBM DB2 OS L2 v1.2.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.26

Estimated Item Count: 39

File Details

Filename: CIS_v1.2.0_IBM_DB2_OS_Linux_Level_2.audit

Size: 47.8 kB

MD5: a03e941cbfebc6756b51b1bd07c96ded
SHA256: 940e74d3e98a8d86982dc2093f537fe2b878c769389c60d1a4944f52d97efd15

Audit Items

DescriptionCategories
1.0.1 Install the latest Fixpak

SYSTEM AND INFORMATION INTEGRITY

3.1.1 Enable audit buffer - 'audit_buf_sz <= 1000'

AUDIT AND ACCOUNTABILITY

3.1.2 Encrypt user data across the network - 'authentication = Data_Encrypt'

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3 Require explicit authorization for cataloging - 'catalog_noauth = no'

ACCESS CONTROL

3.1.4 Disable data links support - 'datalinks = no'

CONFIGURATION MANAGEMENT

3.1.5 Secure default database location - 'DFTDBPATH directory ownership'
3.1.5 Secure default database location - 'DFTDBPATH value'

AUDIT AND ACCOUNTABILITY

3.1.7 Set diagnostic logging to capture errors and warnings - 'diaglevel = 3 or 4'

AUDIT AND ACCOUNTABILITY

3.1.9 Require instance name for discovery requests - 'discover = known'

CONFIGURATION MANAGEMENT

3.1.10 Disable instance discoverability - 'discover_inst = disable'

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.11 Authenticate federated users at the instance level - 'fed_noauth = no'

ACCESS CONTROL

3.1.12 Enable instance health monitoring - 'health_mon = on'

CONFIGURATION MANAGEMENT

3.1.13 Retain fenced model processes - 'keepfenced = no'

CONFIGURATION MANAGEMENT

3.1.14 Set maximum connection limits - 'max_connections <= 100'

ACCESS CONTROL

3.1.14 Set maximum connection limits - 'max_coordagents <= 100'

ACCESS CONTROL

3.1.14 Set maximum connection limits - 'maxappls <= 99'

ACCESS CONTROL

3.1.15 Set administrative notification level - 'notifylevel = 3 or 4'

AUDIT AND ACCOUNTABILITY

3.1.16 Enable server-based authentication - 'srvcon_auth = server'

IDENTIFICATION AND AUTHENTICATION

3.2.1 Set failed archive retry delay - 'archretrydelay <= 20'

CONFIGURATION MANAGEMENT

3.2.2 Auto-restart after abnormal termination - 'autorestart = on'

CONFIGURATION MANAGEMENT

3.2.3 Disable database discover - 'discover_db = disable'

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.11 Establish retention set size for backups - 'num_db_backups <= 100'

CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY

3.2.12 Set archive log failover retry limit - 'numarchretry <= 5'

CONFIGURATION MANAGEMENT

3.3.2 Set a generic system name - 'db2system value'

CONFIGURATION MANAGEMENT

3.3.3 Disable DAS discoverability - 'discover = disable'

CONFIGURATION MANAGEMENT

3.3.4 Do not execute expired tasks - 'exec_exp_task = no'

CONFIGURATION MANAGEMENT

3.3.5 Secure the JDK runtime library - 'jdk_path value'

CONFIGURATION MANAGEMENT

3.3.6 Secure the JDK 64-bit runtime library - 'jdk_64_path value'

CONFIGURATION MANAGEMENT

3.3.7 Disable unused task scheduler - 'sched_enable = off'

CONFIGURATION MANAGEMENT

4.0.1 Enforce Label-Based Access Controls Implementation
5.0.1 Enable Backup Redundancy
5.0.3 Enable Database Maintenance - 'auto_maint = on'

CONFIGURATION MANAGEMENT

7.0.1 Establish an administrator group - 'sysadm_group value'

ACCESS CONTROL

7.0.2 Establish system control group - 'sysctrl_group value'

ACCESS CONTROL

8.0.2 Start and Stop DB2 Administrator Server
8.0.5 Remove Default Databases - 'Database name != SAMPLE'

CONFIGURATION MANAGEMENT

8.0.6 Enable SSL communication with LDAP server

SYSTEM AND COMMUNICATIONS PROTECTION

8.0.7 Secure the permission of the IBMLDAPSecurity.ini file
8.0.8 Secure the permission of the SSLconfig.ini file