STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide, Version: 1, Release: 4, Benchmark Date: 25 Oct 2019

DB2 must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to DB2.

DISA Rule

SV-89139r1_rule

Vulnerability Number

V-74465

Group Title

SRG-APP-000133-DB-000179

Rule Version

DB2X-00-002800

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use the appropriate variation of the REVOKE (schema privileges) statement to remove the privileges from unauthorized users, roles, or groups:
DB2> REVOKE <ALTERIN/CREATEIN/DROPIN> ON SCHEMA <schema-name> FROM <USER/GROUP/PUBLIC/ROLE>

For more on this topic, see the Help page on "REVOKE (schema privileges) statement":
http://www.ibm.com/support/knowledgecenter/en/SSEPGG_10.5.0/com.ibm.db2.luw.sql.ref.doc/doc/r0000988.html

Check Contents

Use the following query to find who has privileges to alter, drop, and create objects in the schemas:
DB2> SELECT * FROM SYSCAT.SCHEMAAUTH

If non-authorized users have privileges to create, alter, or drop objects, this is a finding.
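
The check and fix above, combined in one query as an added example (not part of the STIG text): it lists only the grantees that actually hold ALTERIN, CREATEIN, or DROPIN on a schema and drafts the matching REVOKE statement for each. The allow-list names `SCHEMA_OWNER_1` and `DEPLOY_ROLE_1` are constructed placeholders for the site's documented authorized grantees.

```sql
-- Added example, not from the STIG. SYSCAT.SCHEMAAUTH stores one row per
-- grantee and schema; each *AUTH column is 'Y' (held), 'G' (held and
-- grantable) or 'N' (not held). The CTE turns that into one row per
-- privilege actually held.
WITH held (schemaname, grantee, granteetype, grantor, privilege) AS (
    SELECT SCHEMANAME, GRANTEE, GRANTEETYPE, GRANTOR, 'ALTERIN'
      FROM SYSCAT.SCHEMAAUTH
     WHERE ALTERINAUTH IN ('Y', 'G')
    UNION ALL
    SELECT SCHEMANAME, GRANTEE, GRANTEETYPE, GRANTOR, 'CREATEIN'
      FROM SYSCAT.SCHEMAAUTH
     WHERE CREATEINAUTH IN ('Y', 'G')
    UNION ALL
    SELECT SCHEMANAME, GRANTEE, GRANTEETYPE, GRANTOR, 'DROPIN'
      FROM SYSCAT.SCHEMAAUTH
     WHERE DROPINAUTH IN ('Y', 'G')
)
SELECT schemaname,
       grantee,
       granteetype,          -- U = user, G = group, R = role
       grantor,
       privilege,
       -- Draft statement only: review it against the authorization
       -- documentation before executing anything.
       'REVOKE ' || privilege
       || ' ON SCHEMA "' || RTRIM(schemaname) || '" FROM '
       || CASE
              WHEN granteetype = 'G' AND grantee = 'PUBLIC' THEN 'PUBLIC'
              WHEN granteetype = 'U' THEN 'USER "'  || RTRIM(grantee) || '"'
              WHEN granteetype = 'G' THEN 'GROUP "' || RTRIM(grantee) || '"'
              WHEN granteetype = 'R' THEN 'ROLE "'  || RTRIM(grantee) || '"'
          END AS draft_revoke
  FROM held
       -- Constructed placeholder allow-list; it matches on name only, so
       -- narrow it by schema or grantee type if the site requires that.
 WHERE grantee NOT IN ('SCHEMA_OWNER_1', 'DEPLOY_ROLE_1')
 ORDER BY schemaname, grantee, privilege;
```

Every row returned is a candidate finding; rows for PUBLIC deserve the first look because they apply to every user of the database.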

Documentable

False

Severity Override Guidance

Use the following query to find who has privileges to alter, drop, and create objects in the schemas:
DB2> SELECT * FROM SYSCAT.SCHEMAAUTH

If non-authorized users have privileges to create, alter, or drop objects, this is a finding.

Check Content Reference

M

Target Key

3161

Comments