Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-74595 | DB2X-00-008300 | SV-89269r1_rule | Medium |
Description |
---|
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. |
STIG | Date |
---|---|
IBM DB2 V10.5 LUW Security Technical Implementation Guide | 2018-09-13 |
Check Text ( C-74481r1_chk ) |
---|
Run the following command to find the value of the network service: $db2 get dbm cfg TCP/IP Service name (SVCENAME) SSL service name (SSL_SVCENAME) If the port numbers are not specified, look for the port numbers in services file and find the port numbers defined for the TCP/IP service name and SSL service name (SVCENAME, SSL_SVCENAME) above. Default Location for services file: Windows Service File: %SystemRoot%\system32\drivers\etc\services UNIX Services File: /etc/services If the network protocols and ports found in previous step are not in as per PPSM guidance, this is a finding. |
Fix Text (F-81195r1_fix) |
---|
Use the following commands to set the protocol and ports as per PPSM guidance: $db2 update dbm cfg using svcename [service_name | port_number] $db2 update dbm cfg using ssl_svcename [ssl_service_name | port_number] Note: http://www.ibm.com/support/knowledgecenter/en/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html |