STIGQter STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

DISA Rule

SV-89145r1_rule

Vulnerability Number

V-74471

Group Title

SRG-APP-000133-DB-000199

Rule Version

DB2X-00-003100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the non-DB2 software from instance home directory and subdirectories.

Remove the non-DB2 software from DB2 installation directories and subdirectories.

Check Contents

The base installation directory of the database server software and the instance home directory location is configurable at the time of installation.

Run the db2ls command to find the installation directory of DB2 server software.

The environment variable INSTHOME points to instance home directory.

If there are non-DB2-related files in the instance home directory and the subsequent subdirectories under it, this is a finding.

If there are non-DB2-related files in the DB2 install directory and the subsequent subdirectories under it, this is a finding.

Vulnerability Number

V-74471

Documentable

False

Rule Version

DB2X-00-003100

Severity Override Guidance

The base installation directory of the database server software and the instance home directory location is configurable at the time of installation.

Run the db2ls command to find the installation directory of DB2 server software.

The environment variable INSTHOME points to instance home directory.

If there are non-DB2-related files in the instance home directory and the subsequent subdirectories under it, this is a finding.

If there are non-DB2-related files in the DB2 install directory and the subsequent subdirectories under it, this is a finding.

Check Content Reference

M

Target Key

3161

Comments