Making and keeping your fleet of IBM DB2 databases secure can be a daunting task. Also a task that takes a lot of effort.
The db2_secured puppet module is an affordable supported Puppet module that allows you to ensure a security benchmark, like the CIS benchmark or the DoD STIG, to your databases. It integrates seamlessly with Puppet and Puppet Enterprise. The module supports extensive customizations and allows you to work with exclusion lists when you don’t want all of the security controls applied. It also allows you to define your own sub-set of security controls or even your own security controls.
Contact us for pricing information and see how you can reduce the TCO of your fleet of IBM DB2 databases.
db2_secured module is the Puppet implementation of the Center for Internet Security (CIS) benchmark for IBM DB2 databases. This module will help you:
db2_secured module allows you to implement the CIS security baseline by adding just one line of puppet code.
The CIS Security Benchmarks program provides well-defined, unbiased, and consensus-based industry best practices to help organizations assess and improve their security. Resources include secure configuration benchmarks, automated configuration assessment tools and content, security metrics and security software product certifications. The Security Benchmarks program is recognized as a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. Because of the reputation, our resources are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for FISMA, PCI, HIPAA and other security requirements.
These benchmarks contain a precise, actionable set of measures for your DB2 database.
As I said before, the CIS also has a security baseline for DB2: CIS DB2 Database Server Benchmark. We have taken this baseline and Puppetized it for you to use. It is called the
db2_secured and contains an implementation of all rules in the benchmark that describe a configuration setting inside of the database.
Very simple. To enforce all of the rules in the CIS DB2 benchmark, you just have to add the next puppet code to your Puppet manifest:
On a Puppet run, the module will inspect all settings described in the CIS controls and apply changes to them if they deviate from the standard. (If you have started the Puppet run with a
noop, it will do nothing but report all changes that would have been made. ). All changes will be reported to the Puppet master and on the console, you get an overview of the changes. Because the Puppet agent runs every 20 minutes (or different if you set it to a different interval), every 20 minutes, your database configuration is checked against the CIS benchmark and you can sleep well and be assured your data is safe.
Our modules are based on an annual subscription(an entitlement). When you purchase an entitlement:
We will make sure the modules keep working with the latest versions of Puppet en the supporting products like Oracle IBM MQ or WebLogic.
We currently have the following licensing methods for you:
1) Free when used on VirtualBox
2) Per node per year subscription
3) Custom licensing
This module is Free when used on a VirtualBox testing machine. The software checks if you are using VirtualBox and allows usage. No need to get any licenses from us to get going. Just download the module from our own forge and get going. To download the module use:
puppet module install --module_repository=http://forge.enterprisemodules.com enterprisemodules-modulename
Our basic licensing model requires a subscription per node. The subscription is valid for a year. To make this work, we need you to send us the node name of the system you want to use the module on. (Not the puppetmaster, but the system where the agent is running.). Based on this information we will send you a file containing the entitlement for your node(s). You can purchase the entitlement in the shop or you can contact us. After you have ordered this module, you will receive an entitlement file. This file contains the information needed to run the software on your Puppet machine (agents).
Our license manager is very flexible. If you have special requirements, please contact us so we can discuss other options.
db2_secured module requires:
Here you can find some more information regarding this puppet module: