Details
In the Shared Cluster, the certificate or keyfile is utilized for authentications. Implementing proper file permissions on the certificate or keyfile will prevent unauthorized access to it.
Rationale:
Protecting the certificate/keyfile strengthens authentication in the sharded cluster and prevents unauthorized access to the MongoDB database.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Set the keyFile ownership to mongodb user and remove other permissions by executing these commands:
chmod 600 /keyfile
sudo chown mongodb:mongodb /keyfile
Default Value:
Not configured
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.