Ensure appropriate database file permissions are set.

Details

MongoDB database files need to be protected using file permissions.

Rationale:

This will restrict unauthorized users from accessing the database.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Set ownership of the database file to mongodb user and remove other permissions using the following commands:

chmod 770 /var/lib/mongodb
chown mongodb:mongodb /var/lib/mongodb

Default Value:

Not configured

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/3463

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

800-53|AC-3
CSCv7|14.6

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles