STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide, Version 1, Release 2, Benchmark Date: 24 Jul 2020

The audit information produced by MongoDB must be protected from unauthorized read access.

DISA Rule

SV-96563r1_rule

Vulnerability Number

V-81849

Group Title

SRG-APP-000118-DB-000059

Rule Version

MD3X-00-000190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run these commands:

"chown mongod <MongoDB auditLog directory>"
"chgrp mongod <MongoDB auditLog directory>"
"chmod 700 <MongoDB auditLog directory>"

(The path for the MongoDB auditLog directory will vary according to local circumstances. The auditLog directory will be found in the MongoDB configuration file whose default location is '/etc/mongod.conf'.)

To find the auditLog directory name, view and search for the entry in the MongoDB configuration file for the auditLog.path:

Example:

auditLog:
  destination: file
  format: BSON
  path: /var/lib/mongo/auditLog.bson

Given the example above, to find the auditLog directory name run the following command:

> dirname /var/lib/mongo/auditLog.bson
/var/lib/mongo

The output is the "<MongoDB auditLog directory>".

Check Contents

Verify User ownership, Group ownership, and permissions on the "<MongoDB auditLog directory>":

> ls -ald <MongoDB auditLog directory>

If the User owner is not "mongod", this is a finding.

If the Group owner is not "mongod", this is a finding.

If the directory is more permissive than "700", this is a finding.

(The path for the MongoDB auditLog directory will vary according to local circumstances. The auditLog directory will be found in the MongoDB configuration file whose default location is '/etc/mongod.conf'.)

To find the auditLog directory name, view and search for the entry in the MongoDB configuration file for the auditLog.path:

Example:

auditLog:
  destination: file
  format: BSON
  path: /var/lib/mongo/auditLog.bson

Given the example above, to find the auditLog directory name run the following command:

> dirname /var/lib/mongo/auditLog.bson
/var/lib/mongo

The output is the "<MongoDB auditLog directory>".
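As an added example (not part of the STIG text, and not a STIGQter or MongoDB tool), the following POSIX shell script automates the check described above: it reads auditLog.path from a mongod.conf, derives the directory with dirname, and reports a finding for each of the three conditions (owner, group, mode more permissive than 700). It assumes GNU stat (for the -c option) and a configuration file laid out like the example. The expected owner and group are parameters defaulting to "mongod" so the functions can be exercised against the constructed fixture in demo(), which is created under a temporary directory and is not a real deployment.

```shell
#!/bin/sh
# Added example for MD3X-00-000190 (not part of the STIG). Assumes GNU stat
# and a YAML mongod.conf structured like the STIG's auditLog example.

# Print the auditLog.path value from a mongod.conf (empty output if absent).
# Only "path:" inside the top-level "auditLog:" block counts, so systemLog.path
# and storage.dbPath are ignored.
auditlog_path() {
    awk '
        /^auditLog:/                     { inblock = 1; next }
        inblock && /^[^[:space:]#]/      { inblock = 0 }   # next top-level key ends the block
        inblock && /^[[:space:]]+path:/ {
            sub(/^[[:space:]]+path:[[:space:]]*/, "")
            sub(/[[:space:]]*(#.*)?$/, "")                  # strip trailing comment/whitespace
            print; exit
        }' "$1"
}

# The "<MongoDB auditLog directory>", computed with dirname as the fix text does.
# Returns 1 when the config has no auditLog.path.
auditlog_dir() {
    p=$(auditlog_path "$1")
    [ -n "$p" ] || return 1
    dirname "$p"
}

# Apply the three check conditions to a directory. Prints one line per finding;
# returns 0 when compliant, 1 otherwise.
# usage: check_auditlog_dir DIR [EXPECTED_OWNER] [EXPECTED_GROUP]
check_auditlog_dir() {
    dir=$1; want_user=${2:-mongod}; want_group=${3:-mongod}
    rc=0
    [ -d "$dir" ] || { echo "FINDING: $dir is not a directory"; return 1; }
    set -- $(stat -c '%U %G %a' "$dir")        # owner name, group name, octal mode
    user=$1; group=$2; mode=$3
    [ "$user" = "$want_user" ]   || { echo "FINDING: owner is $user, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FINDING: group is $group, expected $want_group"; rc=1; }
    # "More permissive than 700" means any group/other bit is set: inspect the
    # last two octal digits (works for 3- and 4-digit modes such as 1700).
    go=${mode#"${mode%??}"}
    [ "$go" = "00" ] || { echo "FINDING: mode is $mode, more permissive than 700"; rc=1; }
    return $rc
}

# Constructed fixture: a throwaway mongod.conf and audit directory owned by the
# current user, so the demo runs without a mongod account.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/mongo"
    cat > "$tmp/mongod.conf" <<EOF
systemLog:
  destination: file
  path: $tmp/mongod.log
storage:
  dbPath: $tmp/data
auditLog:
  destination: file
  format: BSON
  path: $tmp/mongo/auditLog.bson
EOF
    me=$(id -un); mygrp=$(id -gn)
    d=$(auditlog_dir "$tmp/mongod.conf")
    echo "auditLog directory: $d"
    chmod 750 "$d"
    echo "before fix:"; check_auditlog_dir "$d" "$me" "$mygrp" || :
    chmod 700 "$d"      # the STIG fix, minus chown/chgrp since we already own it
    echo "after fix:";  check_auditlog_dir "$d" "$me" "$mygrp" && echo "compliant"
    rm -rf "$tmp"
}

demo
```

Against a live host, call check_auditlog_dir "$(auditlog_dir /etc/mongod.conf)" with the defaults; a non-zero exit with one or more FINDING lines corresponds to the finding conditions listed in the check text.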

Vulnerability Number

V-81849

Documentable

False

Rule Version

MD3X-00-000190

Severity Override Guidance

Check Content Reference

M

Target Key

3265

Comments