|Finding ID||Version||Rule ID||IA Controls||Severity|
|Developers and implementers can increase the assurance in security functions by employing well-defined security policy models; structured, disciplined, and rigorous hardware and software development techniques; and sound system/security engineering principles.|
|Redis Enterprise 6.x Security Technical Implementation Guide||2022-09-19|
|Check Text ( C-54682r804929_chk )|
| Review the permissions granted to users by the operating system/file system on the database files, database log files, and database backup files. |
If any user/role who is not an authorized system administrator with a need to know or database administrator with a need to know, or a system account for running DBMS processes, is permitted to read/view any of these files, this is a finding.
Review the directory contents and files and verify that the appropriate file permissions are set. Verify that the file owner and group are set to Redis Labs or a group defined per site requirements.
To check permissions of log files (Note: This may vary depending on the installation path.):
To check persisted files from memory, if they are being used, run the following command (Note: This may vary depending on the installation path.):
# ls -ltr /var/opt/redislabs/persist/redis/
To check the default file permissions to verify that all authenticated users can only read and modify their own files:
# cat /etc/login.defs | grep UMASK
Verify the value is set to 077 or an appropriate organizationally defined setting.
Investigate the permissions on these files. If the permissions allow access by other, this is a finding.
|Fix Text (F-54636r804930_fix)|
| Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files. |
Add or edit the line for the "UMASK" parameter in "/etc/login.defs" file to "077":
Set the permissions of the log files (/var/opt/redislabs/log) and persisted files (/var/opt/redislabs/persist/redis/) to an appropriate organizationally defined setting.
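An added example, not part of the STIG text or any Redis tooling: a POSIX shell script that automates the check above and can be rerun after the fix is applied. The function names, the `--run` switch and the environment-variable overrides are assumptions made for this example; the default paths and the 077 value come from the finding.

```shell
#!/bin/sh
# Added example: automates the file-permission and UMASK checks from this finding.
# Default paths and the 077 value are the ones in the check text; override them
# through the environment when the installation path or site policy differs.
LOG_DIR="${LOG_DIR:-/var/opt/redislabs/log}"
PERSIST_DIR="${PERSIST_DIR:-/var/opt/redislabs/persist/redis}"
LOGIN_DEFS="${LOGIN_DEFS:-/etc/login.defs}"
EXPECTED_UMASK="${EXPECTED_UMASK:-077}"

# List entries under directory $1 that grant read, write or execute to "other".
# Symlinks are skipped because their own mode bits are not enforced.
other_accessible() {
    [ -d "$1" ] || return 0
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Print the UMASK value from login.defs-style file $1. Commented lines are
# ignored; if the key appears more than once, the last entry is reported.
login_defs_umask() {
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1"
}

# Report findings on stdout; return 0 when there are none, 1 otherwise.
audit() {
    rc=0
    for dir in "$LOG_DIR" "$PERSIST_DIR"; do
        hits=$(other_accessible "$dir")
        if [ -n "$hits" ]; then
            printf 'FINDING: accessible by other under %s:\n%s\n' "$dir" "$hits"
            rc=1
        fi
    done
    mask=$(login_defs_umask "$LOGIN_DEFS")
    if [ "$mask" != "$EXPECTED_UMASK" ]; then
        printf 'FINDING: UMASK in %s is "%s", expected %s\n' \
            "$LOGIN_DEFS" "$mask" "$EXPECTED_UMASK"
        rc=1
    fi
    return "$rc"
}

# Hypothetical switch: run the audit only when invoked as "script.sh --run".
if [ "${1:-}" = "--run" ]; then
    audit
fi
```

Run it as an account that can read both directories; a directory that does not exist is skipped without a finding.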