Details

In the Shared Cluster, the certificate or keyfile is utilized for authentications. Implementing proper file permissions on the certificate or keyfile will prevent unauthorized access to it.

Rationale:

Protecting the certificate/keyfile strengthens authentication in the sharded cluster and prevents unauthorized access to the MongoDB database.

Solution

Set the keyFile ownership to mongodb user and remove other permissions by executing these commands:

chmod 600 /keyfile
sudo chown mongodb:mongodb /keyfile

Default Value:

Not configured

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3463

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Unix.

References

• 800-53|IA-5
• 800-53|IA-5(1)
• CSCv7|16.4

Source

• Tenable.com/audits