DB2 Audit Program

Billy Ma asked:
I need to audit a DB2 database. Are there any audit checklists and data request lists (SQL for getting data from the IT Department) out there?
I tried to search on the web, and I only found this:
http://www.ibm.com/developerworks/data/library/techarticle/dm-0607wasserman/index.html

But I have no idea where those settings reside (i.e. which table or file).

Hope someone can help!

I did not understand what the question is.
Billy Ma (Vice President), Author, commented:
Are there any audit checklists for DB2?

There is no predefined checklist.
Each customer should create his own checklist according to his own needs.
What do you want an audit to find out?

Tom
Billy Ma (Vice President), Author, commented:
Security setting
Commented:
Not sure for DB2, but the DoD has a good generic checklist for any DB, and then a user/DBA manual for DB2 could be used to see how to check each area for that specific technology:

http://iase.disa.mil/stigs/app_security/database/general.html

Some other links:

https://www.owasp.org/index.php/OWASP_Backend_Security_Project_DB2_Hardening
http://benchmarks.cisecurity.org/en-us/?route=community.maintainers.groups.db2
https://benchmarks.cisecurity.org/tools2/db2/CIS_IBM_DB2_Benchmark_v1.2.0.pdf

Also many plugins on tools like Nessus/OpenVAS for DB2:


ID | Name | Family
10871 | DB2 Multiple CGI Single Byte Request Remote DoS | Databases
11859 | Default Password (ibmdb2) for 'db2inst1' Account | Default Unix Accounts
11860 | Default Password (db2fenc1) for 'db2fenc1' Account | Default Unix Accounts
11861 | Default Password (ibmdb2) for 'db2fenc1' Account | Default Unix Accounts
11862 | Default Password (db2inst) for 'db2inst1' Account | Default Unix Accounts
11863 | Default Password (ibmdb2) for 'db2as' Account | Default Unix Accounts
11864 | Default Password (db2as) for 'db2as' Account | Default Unix Accounts
11896 | DB2 Discovery Service Malformed UDP Packet Remote DoS | Databases
15486 | DB2 < 8 Fix Pack 7a Multiple Vulnerabilities | Databases
18912 | FreeBSD : mozilla -- heap overflow in NNTP handler (3fbf9db2-658b-11d9-abad-000a95bc6fae) | FreeBSD Local Security Checks
21383 | FreeBSD : gaim -- AIM/ICQ non-UTF-8 filename crash (09db2844-0b21-11da-bc08-0001020eed82) | FreeBSD Local Security Checks
22016 | DB2 Administration Server Detection | Databases
22017 | DB2 Discovery Service Detection | Databases
22416 | DB2 Connection Port Detection | Databases
22417 | DB2 Interrupt Port Detection | Databases
22447 | DB2 JDBC Applet Server Detection | Databases
23935 | DB2 < 8.1 FixPak 12 EXCSAT Long MGRLVLLS Message Remote DoS | Databases
23936 | DB2 < 8.1 FixPak 13 CONNECT Processing Unspecified DoS | Databases
23937 | DB2 < 8.1 FixPak 14 Multiple Vulnerabilities | Databases
24699 | DB2 < 9 Fix Pack 2 Multiple Vulnerabilities | Databases
25905 | DB2 < 9 Fix Pack 3 / 8 FixPak 15 Multiple Vulnerabilities | Databases
28227 | DB2 < 9 Fix Pack 4 Multiple Vulnerabilities | Databases
29292 | GLSA-200712-05 : PEAR::MDB2: Information disclosure | Gentoo Local Security Checks
30153 | DB2 < 8.1 FixPak 16 Multiple Vulnerabilities | Databases
33128 | DB2 < 9 Fix Pack 5 Multiple Vulnerabilities | Databases
33763 | DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities | Databases
33852 | Default Password (db2admin) for 'db2admin' Account on Windows | Databases
34056 | DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities | Databases
34195 | DB2 8 < Fix Pack 17 Multiple Vulnerabilities | Databases
34475 | DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities | Databases
36216 | DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities | Databases
39007 | DB2 < 9.5 Fix Pack 4 Multiple Vulnerabilities | Databases
40662 | DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities | Databases
42044 | DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities | Databases
43172 | DB2 9.5 < Fix Pack 5 Unspecified Vulnerabilities | Databases
46173 | DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities | Databases
46766 | DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities | Databases
47901 | IBM Tivoli Directory Server ldapinst.log DB2 Admin Password Disclosure | Windows
49120 | DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities | Databases
50451 | DB2 9.7 < Fix Pack 3 Multiple Vulnerabilities | Databases
51840 | DB2 9.1 < Fix Pack 10 Multiple Vulnerabilities | Databases
51841 | DB2 9.5 < Fix Pack 7 Multiple Vulnerabilities | Databases
53547 | DB2 9.7 < Fix Pack 4 Multiple Vulnerabilities | Databases
55690 | DB2 Unsupported Version Detection | Databases
56928 | DB2 9.7 < Fix Pack 5 Multiple Denial of Service Vulnerabilities | Databases
58293 | DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities | Databases
59644 | DB2 9.1 < Fix Pack 11 Multiple Denial of Service Vulnerabilities | Databases
59904 | DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities | Databases
59905 | DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities | Databases
60098 | DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities | Databases