DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-74595 | DB2X-00-008300 | SV-89269r1_rule | Medium |
| Description |
|---|
| Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. |
| STIG | Date |
|---|---|
| IBM DB2 V10.5 LUW Security Technical Implementation Guide | 2019-09-27 |
Details
| Check Text ( C-74481r1_chk ) |
|---|
| Run the following command to find the value of the network service: $db2 get dbm cfg TCP/IP Service name (SVCENAME) SSL service name (SSL_SVCENAME) If the port numbers are not specified, look for the port numbers in services file and find the port numbers defined for the TCP/IP service name and SSL service name (SVCENAME, SSL_SVCENAME) above. Default Location for services file: Windows Service File: %SystemRoot%\system32\drivers\etc\services UNIX Services File: /etc/services If the network protocols and ports found in previous step are not in as per PPSM guidance, this is a finding. |
| Fix Text (F-81195r1_fix) |
|---|
| Use the following commands to set the protocol and ports as per PPSM guidance: $db2 update dbm cfg using svcename [service_name | port_number] $db2 update dbm cfg using ssl_svcename [ssl_service_name | port_number] Note: http://www.ibm.com/support/knowledgecenter/en/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html |