STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017

Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be owned by database/DBMS principals authorized for ownership.

DISA Rule

SV-87281r1_rule

Vulnerability Number

V-72649

Group Title

SRG-APP-000133-DB-000200

Rule Version

VROM-CS-000105

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Assign ownership of authorized objects to authorized object owner accounts.

Open a cqlsh prompt on the Cassandra server and run "REVOKE <list of permissions> ON <tablename> FROM <current owner user account name>; GRANT ALL PERMISSIONS ON <tablename> TO <superuser account name>;"

Check Contents

Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s).

If any database objects are found to be owned by users not authorized to own database objects, this is a finding.

Open a cqlsh prompt on the Cassandra server and run the "LIST ALL PERMISSIONS;" command. Review the list of access privileges available.

If all the objects are owned by the superuser account (cassandra in the default Cassandra server configuration), this is not a finding.

Otherwise, it is a finding.
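One way to automate the review of the "LIST ALL PERMISSIONS;" output described above. This is an added example, not part of the STIG. It assumes the pipe-delimited table that cqlsh prints (a "role" column in Cassandra 2.2 and later, only "username" in older releases); the sample output, the keyspace and table names and the appuser account are constructed.

```python
# Added example: flags rows of "LIST ALL PERMISSIONS;" output whose grantee is
# not an authorized owner. SAMPLE is constructed, not captured from a real system.
AUTHORIZED = {"cassandra"}  # assumption: default superuser is the only authorized owner

SAMPLE = """
 role      | username  | resource                  | permission
-----------+-----------+---------------------------+------------
 cassandra | cassandra |      <keyspace exampleks> |     SELECT
 appuser   | appuser   | <table exampleks.metrics> |     MODIFY
 appuser   | appuser   | <table exampleks.metrics> |      ALTER

(3 rows)
"""

def parse_permissions(text):
    """Return one dict per data row of cqlsh tabular output, keyed by column name."""
    header, rows = None, []
    for line in text.splitlines():
        if "|" not in line:
            continue  # skips blanks, the dashed rule (it uses '+') and "(N rows)"
        cells = [c.strip() for c in line.split("|")]
        if header is None:
            header = [c.lower() for c in cells]
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows

def findings(text, authorized=AUTHORIZED):
    """Map each unauthorized grantee to {resource: sorted list of permissions}."""
    result = {}
    for row in parse_permissions(text):
        # Cassandra 2.2+ prints a "role" column; older releases print only "username".
        grantee = row.get("role") or row.get("username")
        if grantee is None or grantee in authorized:
            continue
        result.setdefault(grantee, {}).setdefault(row["resource"], []).append(row["permission"])
    return {g: {r: sorted(p) for r, p in res.items()} for g, res in result.items()}

if __name__ == "__main__":
    bad = findings(SAMPLE)
    for grantee, resources in bad.items():
        for resource, perms in resources.items():
            print(f"FINDING: {grantee} holds {', '.join(perms)} on {resource}")
    print("finding" if bad else "not a finding")
```

The authorized set should come from the system documentation the check refers to; an empty result corresponds to "not a finding".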

Documentable

False

Check Content Reference

M

Target Key

3179

Comments