Details

The password, certificate, and any other credentials should be protected.

Rationale:

A database user with the least amount of privileges required to perform backup is needed. The credentials for this user should be protected.

Impact:

When the backup credentials are not properly secured, then they might be abused to gain access to the server. The backup user needs an account with many privileges, so an attacker might potentially gain (almost) complete access to the server.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Change file permissions.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3477

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Contingency Planning, Media Protection.This control applies to the following type of system Unix.

References

• 800-53|AC-3
• 800-53|CP-9
• 800-53|MP-2
• CSCv7|10.4

Source

• Tenable.com/audits