Detections
Analytics
MD8X-00-012800 - MongoDB must require users to be individually authenticated before granting access to the shared accounts or resources.
Information
Individual authentication prior to shared group authentication mitigates the risk of using group accounts or authenticators.Solution
Enable authorization for MongoDB Enterprise.Read the directions in the MongoDB documentation here:
https://www.mongodb.com/docs/v8.0/tutorial/configure-scram-client-authentication/
Create the user administrator.
Edit the MongoDB database configuration file (default location /etc/mongod.conf) to contain the following setting in the security section:
security:
authorization: enabled
Stop/start (restart) the mongod or mongos instance using this configuration.
Log on to MongoDB as an authorized user created by the user administrator and run the following command to verify the output is "true":
db.getSiblingDB("admin").runCommand({getCmdLineOpts: 1}).parsed.security.authorization
The output of this command must be "true".
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MDB_Enterprise_Advanced_8-x_V1R1_STIG.zip
Item Details
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(5), CAT|II, CCI|CCI-004045, Rule-ID|SV-279399r1179524_rule, STIG-ID|MD8X-00-012800, Vuln-ID|V-279399
Plugin: Unix
Control ID: 0464fd65b40cb736be3b384eeda3e5ffbb6337cdf98281fdd059df23588fe48d