STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020

MongoDB must prevent unauthorized and unintended information transfer via shared system resources.

DISA Rule

SV-96601r1_rule

Vulnerability Number

V-81887

Group Title

SRG-APP-000243-DB-000373

Rule Version

MD3X-00-000470

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Correct the permissions on the files and/or directories that are in violation.

MongoDB Configuration file (default location):
chown mongod:mongod /etc/mongod.conf
chmod 755 /etc/mongod.conf

MongoDB data file directory (default location):
chown -R mongod:mongod /var/lib/mongo
chmod -R 755 /var/lib/mongo

Check Contents

Verify the permissions for the following database files or directories:

MongoDB default configuration file: "/etc/mongod.conf"
MongoDB default data directory: "/var/lib/mongo"

If the owner and group are not both "mongod", this is a finding.

If the file permissions are more permissive than "755", this is a finding.
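
The check above as a read-only script, added here as an example (it is not part of the STIG or of MongoDB). It assumes GNU find, and it reads "more permissive than 755" as "any permission or special bit set outside 0755", so stricter modes such as 640 pass; the function names are this example's own.

```shell
#!/bin/sh
# Added example: read-only audit for the check above. Assumes GNU find (-printf).

# mode_exceeds MODE MAX: true if MODE sets any permission or special
# (setuid/setgid/sticky) bit that MAX does not. Both are octal strings.
mode_exceeds() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# audit_path PATH OWNER GROUP MAXMODE: print one FINDING line per violation
# for PATH and, if it is a directory, everything beneath it.
audit_path() {
    if [ ! -e "$1" ]; then
        echo "not found: $1" >&2
        return 2
    fi
    # %u owner, %g group, %m octal mode, %p path
    find "$1" -printf '%u %g %m %p\n' |
    while read -r owner group mode file; do
        if [ "$owner" != "$2" ] || [ "$group" != "$3" ]; then
            echo "FINDING owner=$owner group=$group $file"
        fi
        if mode_exceeds "$mode" "$4"; then
            echo "FINDING mode=$mode $file"
        fi
    done
}

# Usage: sh audit.sh /etc/mongod.conf /var/lib/mongo
if [ "$#" -gt 0 ]; then
    for target in "$@"; do
        audit_path "$target" mongod mongod 755
    done
fi
```

No output means no finding for the paths given; the script changes nothing on disk.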

Documentable

False

Severity Override Guidance

Verify the permissions for the following database files or directories:

MongoDB default configuration file: "/etc/mongod.conf"
MongoDB default data directory: "/var/lib/mongo"

If the owner and group are not both "mongod", this is a finding.

If the file permissions are more permissive than "755", this is a finding.

Check Content Reference

M

Target Key

3265
