controls::secure the permission of the ibmldapsecurity ini file
Overview
Puppet controls are Puppet defined types that ensure a certain security control is implemented. Puppet changes the system in order to make the system compliant.
Description of the control
The IBMLDAPSecurity.ini file contains the IBM LDAP security plug-in configurations.
Rationale
The recommended value is read and write access for DB2 administrators only and read-only access for Everyone/Other/Users/Domain Users. This ensures that the parameter file is protected. Note: the file is located under INSTANCE_HOME/sqllib/cfg/ on Linux and %DB2PATH%\cfg\ on Windows.
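To verify the result on a Linux host independently of Puppet, the following audit check can be used. It is an added example, not part of the db2_secured module. The function names are hypothetical, GNU stat is assumed, and "DB2 administrators" is assumed to map to the file's owner (the instance owner).

```shell
#!/bin/sh
# Added example: audit the mode of IBMLDAPSecurity.ini on Linux.
# Assumption: the file owner is the DB2 administrator account, so group
# and other may have read access at most.

# check_ldap_ini_mode FILE
# Returns 0 = compliant, 1 = too permissive, 2 = file missing or unreadable.
check_ldap_ini_mode() {
    file=$1
    [ -f "$file" ] || return 2
    # GNU stat: %a prints the octal permission bits, e.g. 644 or 4755.
    mode=$(stat -c '%a' "$file") || return 2
    perm=$((0$mode))   # the leading 0 makes the shell parse it as octal
    # Bits that must be clear: setuid/setgid/sticky (07000),
    # group write/execute (030) and other write/execute (003).
    if [ $((perm & 07033)) -ne 0 ]; then
        return 1
    fi
    return 0
}

# audit_instance INSTANCE_HOME
# Checks INSTANCE_HOME/sqllib/cfg/IBMLDAPSecurity.ini, prints a verdict
# and returns the status of check_ldap_ini_mode.
audit_instance() {
    ini="$1/sqllib/cfg/IBMLDAPSecurity.ini"
    rc=0
    check_ldap_ini_mode "$ini" || rc=$?
    case $rc in
        0) echo "PASS: $ini" ;;
        1) echo "FAIL: $ini has mode $(stat -c '%a' "$ini"), expected 644 or stricter" ;;
        *) echo "SKIP: $ini not found" ;;
    esac
    return "$rc"
}

# Usage: sh audit.sh /home/db2inst1   (the path is a constructed sample)
if [ "$#" -gt 0 ]; then
    audit_instance "$1"
fi
```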
Skipping
To deliberately skip this control (i.e. don't use Puppet to enforce this setting), we provide two ways:
1) Add db2_secured::controls::secure_the_permission_of_the_ibmldapsecurity_ini_file: skip to your hiera data. This will skip this control for ALL systems.
2) Add an entry with the content secure_the_permission_of_the_ibmldapsecurity_ini_file to the array value db2_secured::skip_list in your hiera data.
Benchmarks
This control is used in the following benchmarks:
- db10 CIS V1.1.0 - paragraph 9.6
Attributes
Attribute Name | Short Description |
---|---|
title | The database identifier to apply the control to. |
title
The database identifier to apply the control to.
All controls need a database identifier to apply the control to. Here is a simple example:
db2_secured::controls::control_name { 'db2inst1/MYDB':}
In this example, the string db2inst1 is the instance and the string MYDB is the database to apply the control to.