controls::ssl service name ssl svcename
Overview
Puppet controls are Puppet defined types that ensure a certain security control is implemented. Puppet changes the system in order to make the system compliant.
Description of the control
The ssl_svcename configuration parameter defines the name or number of the port the database server listens for communications from remote client nodes using SSL protocol. The ssl_svcename and the svcename port numbers cannot be the same. On Linux operating systems, the ssl_svcename file is located in: /etc/services
Rationale
The database requires a defined port to listen for incoming remote clients using the SSL protocol. The ssl_svcename configuration parameter defines the port for communicating with remote clients. Consider using a non-default port to help protect the database from attacks directed to a default port.
Skipping
To deliberately skip this control (e.g. meaning don’t use Puppet to enforce this setting), we provide you with two ways:
1) Add db2_secured::controls::ssl_service_name_ssl_svcename: skip to your hiera data. This will skip this control for ALL systems.
3) Add an entry with the content ssl_service_name_ssl_svcename to the array value db2_secured::skip_list in your hiera data.
Benchmarks
This control is used in the following benchmarks:
- db10 CIS V1.1.0 - paragraph 3.2.2
Attributes
| Attribute Name | Short Description |
|---|---|
| title | The database identifier to apply the control to. |
title
The database identifier to apply the control to.
All controls need an database identifier to apply the control to. Here is a simple example:
db2_secured::controls::control_name { 'db2inst1/MYDB':}
In this example, the string dbinst1 is the instance, the string MYDB is the database to apply the control to.
