Details
The SSLconfig.ini file contains the SSL configuration parameters for the DB2 instance, including the password for KeyStore.
Recommended value is read-only (RO) to Everyone/Other/Users/Domain Users. This will ensure that the parameter file is protected.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
For Windows:
1. Connect to the DB2 host
2. Right-click over the file directory
3. Choose Properties
4. Select the Security tab
5. Select all non-administrator accounts and revoke the Full Control authority
For Linux:
1. Connect to the DB2 host
2. Change to the file directory
3. Change the permission level of the directory
OS => chmod ?R 740
Default Value:
The default value for this directory is read-and-write access to non-administrator accounts.
Notes:
The file is located under INSTANCE_HOME/cfg/, for Unix; and %INSTHOME, for MS Windows. Only the instance owner should have access to this file.
Supportive Information
The following resource is also helpful.
This control applies to the following type of system Windows.