STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 05 Jun 2017

Access to database files must be limited to relevant processes and to authorized, administrative users.

DISA Rule

SV-87301r1_rule

Vulnerability Number

V-72669

Group Title

SRG-APP-000243-DB-000374

Rule Version

VROM-CS-000180

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the permissions granted by the operating system/file system on the database files, database log files, and database backup files so that only relevant system accounts and authorized system administrators and database administrators with a need to know are permitted to read/view these files.

At the command line execute the following command:

# chown root <file>

Replace <file> with each file that is not owned by either "admin" or "root".

Check Contents

Review the permissions granted to users by the operating system/file system on the database files, database log files, and database backup files.

At the command prompt, execute the following command:

# find /storage/db/vcops/cassandra/data -type f ! \( -user admin -o -user root \)

If any files are listed that are not owned by either "admin" or "root", this is a finding.
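
The check above, wrapped for scripted use, as an added example (not part of the STIG or of VMware's tooling): it generalizes the check to any list of allowed owners and treats a missing data directory or an unknown account as an error instead of a clean result. The function names list_findings and audit are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage on the appliance, with the path and owners from the check:
#   audit /storage/db/vcops/cassandra/data admin root
# Remediation stays a manual step: chown root <file> for each path printed.

# list_findings DIR OWNER...
# Prints every regular file under DIR whose owner is not one of OWNER...
# (account names or numeric UIDs). Returns non-zero if find itself fails.
list_findings() {
    dir=$1; shift
    # A bare find on a missing path lists nothing, which would read as "no finding".
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ "$#" -gt 0 ] || { echo "no allowed owners given" >&2; return 2; }
    # Turn "A B" into the find expression: -user A -o -user B
    n=$#
    for o in "$@"; do
        set -- "$@" -o -user "$o"
    done
    shift "$n"   # drop the original owner list
    shift        # drop the leading -o
    find "$dir" -type f ! \( "$@" \) -print
}

# audit DIR OWNER...
# Exit status: 0 = no finding, 1 = finding (paths printed), 2 = check could not run.
audit() {
    findings=$(list_findings "$@") || return 2
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Status 2 is kept separate from status 1 so a scheduled job can tell "files with the wrong owner" apart from "the check did not run".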

Documentable

False

Severity Override Guidance

Review the permissions granted to users by the operating system/file system on the database files, database log files, and database backup files.

At the command prompt, execute the following command:

# find /storage/db/vcops/cassandra/data -type f ! \( -user admin -o -user root \)

If any files are listed that are not owned by either "admin" or "root", this is a finding.

Check Content Reference

M

Target Key

3179
