Details

Though Cassandra database may be run as root, it should run as another non-root user.

Rationale:

One of the best ways to reduce your exposure to attack is to create a unique, unprivileged user and group for the server application. A best practice is to follow is ensuring processes run with a user with least privilege.

Solution

Create a group for cassandra (if it does not already exist)

sudo groupadd cassandra

Create a user which is only used for running Cassandra and its related processes.

sudo useradd -m -d -s /bin/bash -g cassandra -u cassandra

Replacing with the full path of where Cassandra binaries are installed.

Replacing with a number not already used on the server

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2309

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-6(10)
• CSCv6|5.1
• CSCv7|4

Source

• Tenable.com/audits