SV-89157r1_rule
V-74483
SRG-APP-000141-DB-000093
DB2X-00-003700
CAT II
10
Drop external routines that are not essential to the mission objective.
DB2> DROP FUNCTION <name>
Revoke execute privileges from non-authorized users on external routines.
DB2> REVOKE EXECUTE ON FUNCTION <FUNCTION1> FROM <USER1>
Note: Select the following link for the knowledgebase information on the DROP statement:
http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.sql.ref.doc/doc/r0000945.html?cp=SSEPGG_10.5.0%2F2-12-7-129&lang=en
Use the following SQL query to find external routines:
DB2> SELECT ROUTINENAME
FROM SYSCAT.ROUTINES
WHERE ORIGIN='E'
Use the following query to find which users have privileges to run the external routines found with the previous query.
DB2> SELECT GRANTEE
FROM SYSCAT.ROUTINEAUTH
If non-essential routines exist outside the database, this is a finding.
If non-authorized users have privileges on external routines, this is a finding.
V-74483
False
DB2X-00-003700
M
3161