STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The Cassandra database must have the correct authorizer value.

DISA Rule

SV-87253r1_rule

Vulnerability Number

V-72621

Group Title

SRG-APP-000033-DB-000084

Rule Version

VROM-CS-000005

Severity

CAT I

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Configure the Cassandra Server settings and access controls to permit user access only to objects and data that the user is authorized to view or interact with, and to prevent access to all other objects and data.

At the command line execute the following command:

# sed -i 's/^.*\bauthorizer:.*$/authorizer: CassandraAuthorizer/' /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml

Check Contents

Check the Cassandra Server settings to determine whether users are restricted from accessing objects and data they are not authorized to access.

At the command prompt, execute the following command:

# grep '^\s*authorizer:' /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml

If the line below is returned, this is a finding:
authorizer: AllowAllAuthorizer

Vulnerability Number

V-72621

Documentable

False

Rule Version

VROM-CS-000005

Severity Override Guidance

Check the Cassandra Server settings to determine whether users are restricted from accessing objects and data they are not authorized to access.

At the command prompt, execute the following command:

# grep '^\s*authorizer:' /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml

If the line below is returned, this is a finding:
authorizer: AllowAllAuthorizer

Check Content Reference

M

Target Key

3179

Comments