Details
The IBMLDAPSecurity.ini file contains the IBM LDAP security plug-in configurations.
Recommended value is read-only (RO) to Everyone/Other/Users/Domain Users. This will ensure that the parameter file is protected.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
For Windows:
1. Connect to the DB2 host
2. Right-click over the file directory
3. Choose Properties
4. Select the Security tab
5. Select all non-administrator accounts and revoke the Full Control authority
For Linux:
1. Connect to the DB2 host
2. Change to the file directory
3. Change the permission level of the directory
OS => chmod ?R 740
Default Value:
The default value for this directory is read and write access for non-administrator accounts.
Notes:
The file is located under INSTANCE_HOME/sqllib/cfg/, for Unix; and %DB2PATH%cfg, for MS Windows.
Supportive Information
The following resource is also helpful.
This control applies to the following type of system Windows.