SV-89169r1_rule
V-74495
SRG-APP-000211-DB-000122
DB2X-00-004800
CAT II
10
Remove general users from the privileged groups (SYSADM_GROUP, SYSCTRL_GROUP, SYSMAINT_GROUP, SYSMON_GROUP) using OS utilities or interfaces.
On Windows systems, set the SYSADM_GROUP database manager configuration parameter to the appropriate value.
Run the following command to find the privileged groups and get the values of SYSADM_GROUP, SYSCTRL_GROUP, SYSMAINT_GROUP, and SYSMON_GROUP:
$ db2 get dbm cfg
If general users are members of any of the above groups, this is a finding.
On Windows systems, if the SYSADM_GROUP database manager configuration parameter is not specified, this is a finding.
Note: On UNIX, find the members of a group from the following two files or with the system administration utilities provided by the Linux/UNIX vendor:
/etc/passwd
/etc/group
For example, if the value of SYSADM_GROUP is DB2IADM1, use the operating system files to find out who is a member of DB2IADM1.
On Windows, you can use lusrmgr.msc or any other OS utility to manage user group memberships.
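The UNIX check above, as an added example (not part of the STIG text): the function reads saved output of db2 get dbm cfg, resolves each of the four group parameters, and lists both supplementary members from the group file and accounts whose primary GID in the passwd file is that group, which is why both files are needed. The function name, the file arguments and the case-insensitive group-name match are assumptions of this example.

```shell
#!/bin/sh
# Added example: list every account in a DB2 privileged group for review.
# $1: saved output of `db2 get dbm cfg` (e.g. db2 get dbm cfg > dbm.cfg)
# $2: group file (default /etc/group); $3: passwd file (default /etc/passwd)
# Output: one "PARAMETER GROUP account" line per member, or "PARAMETER UNSET -".
priv_group_members() {
    cfg=$1; grp=${2:-/etc/group}; pw=${3:-/etc/passwd}
    for param in SYSADM_GROUP SYSCTRL_GROUP SYSMAINT_GROUP SYSMON_GROUP; do
        # Lines look like: " SYSADM group name   (SYSADM_GROUP) = DB2IADM1"
        name=$(sed -n "s/^.*($param)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p" "$cfg" | head -n 1)
        if [ -z "$name" ]; then
            echo "$param UNSET -"
            continue
        fi
        # Assumption: compare group names case-insensitively, since the
        # configuration may show DB2IADM1 while the OS group is db2iadm1.
        awk -F: -v p="$param" -v g="$name" '
            BEGIN { lg = tolower(g) }
            # First file (group): remember the GID, print supplementary members.
            FNR == NR {
                if (tolower($1) == lg) {
                    gid = $3
                    n = split($4, m, ",")
                    for (i = 1; i <= n; i++) if (m[i] != "") print p, g, m[i]
                }
                next
            }
            # Second file (passwd): accounts whose primary GID is the group.
            gid != "" && $4 == gid { print p, g, $1 }
        ' "$grp" "$pw" | sort -u
    done
}

# Run directly: sh script.sh dbm.cfg [group-file] [passwd-file]
if [ "$#" -ge 1 ]; then
    priv_group_members "$@"
fi
```

Each listed account still has to be judged against the site's list of authorized DB2 administrators; the function only gathers the membership.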