db2_secured

Manage DB2 V10 and V11 Security Baseline according to CIS benchmark

Project URL RSS Feed

Module Stats

1,335 downloads

317 latest version

5.0 quality score

Version information

released Jun 8th 2023

This version is compatible with:

Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
Puppet >= 5.0.0 < 9.0.0
, , , ,

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'enterprisemodules-db2_secured', '1.0.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add enterprisemodules-db2_secured

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install enterprisemodules-db2_secured --version 1.0.0

Tags: database, security, benchmark, cis, db2

Documentation

enterprisemodules/db2_secured — version 1.0.0 Jun 8th 2023

Overview
License
Description
Setup
- Requirements
- Installing the db2_secured module
Usage
Enabling CIS for your database
Skipping some controls
Reference
Limitations

Overview

The db2_secured Puppet module is a powerful security solution that helps you ensure your IBM DB2 databases are compliant with the CIS benchmarks. db2_secured implements all the necessary security controls outlined in the CIS benchmark for IBM DB2 Databases. This means that you can rest assured that your databases are adhering to the highest security standards. This module will help you:

Sleep better at night knowing your data in your databases is more secure.
Feel confident that you're doing everything possible to protect your data in your databases.
Save time on IBM DB2 database security management.
Face the auditor with much confidence
Automate the application of security best practices for your databases.
Easily upgrade to new versions and stay up to date with the latest security recommendations.

Whether you are an individual, a small business owner, or a large enterprise, db2_secured is the perfect solution to keep your IBM DB2 databases safe and secure. db2_secured can be used as a standalone solution with Puppet, or it can integrate seamlessly with the InControl console. This gives you the flexibility to use the product in the way that best suits your needs.

We understand that every organization has unique security requirements, and that's why we've made it easy for you to customize db2_secured to your specific needs. The module is highly configurable, allowing you to tailor it to your organization's security policies and procedures.

In addition to enforcing security configuration (what Puppet normaly does), db2_secured includes a set of classes that are designed for validating the configuration of your systems, without changing them. This powerful tool provides you with detailed information on where your systems are not adhering to the CIS benchmark. This information is critical in helping you identify and remediate any compliance issues.

We understand the importance of having a security solution that supports all recent IBM DB2 database versions. That is why db2_secured is designed to be compatible with recent IBM DB2 versions, including version 10 and 11.

At this point in time it supports the following CIS benchmarks:

With db2_secured, you can rest easy knowing that your IBM DB2 databases are compliant with the highest security standards.

License

This is a commercially licensed module. But you can use the module on VirtualBox based development systems for FREE. When used on real systems a license is required.

You can license our modules in multiple ways. Our basic licensing model requires a subscription per node. But contact us for details.

Check the License for details.

Description

This Puppet module contains all the Puppet code to enforce CIS compliance on your IBM DB2 databases. We have further built upon The CIS compliance baseline for IBM DB2 version 10 or provide you with a means of verifying if your IBM DB2 database comply with these controls. Our team has implemented mechanisms that allow you to conduct checks on your databases using our module, called [db2_secured](/shop/products/incontrol-IBM DB2)version 10 orThese checks include a comprehensive set of security measures to ensure that your databases are compliant with the IBM DB2 version 10 orS benchmark.

If the check detects non-compliance on any or all of your databases, our module includes Puppet code to address this and ensure that all of your databases comply with the IBM DB2 Database CIS benchmark. This feature enables you to maintain a high level of security and meet regulatory requirements with minimal effort.

Moreover, the reports generated from these checks can be obtained through the InControl Console Application. These reports provide detailed information on the checks performed and the status of compliance for each system.

We believe that our module and the InControl Console Application will enable you to maintain a secure and compliant environment for your systems.

Check the documentation here

Benefits of InControl integration

What are the benefits of integrating with InControl? By providing a centralized location, the InControl console helps users manage and track compliance and vulnerability issues with ease. InControl receives reports from linux_secured and other security modules, offering an integrated view and management system for compliance and vulnerabilities not only for Linux, but also for Windows, Oracle databases, Microsoft SQLServer, Postgres, IBM DB2 databases, and cloud environments.

InControl

Overall, InControl is an essential tool for organizations seeking to maintain regulatory compliance and ensure the security and reliability of their systems and infrastructure. Its advanced algorithms, user-friendly design, and customizable alerts and notifications make it a perfect solution for organizations of all sizes and industries.

Setup

Requirements

The db2_secured module requires:

Puppet module enterprisemodules-easy_type installed.
Puppet version 7.0 or higher. Can be Puppet Enterprise or Puppet Open Source
IBM DB2 version 10 or higher
A valid IBM DB2 license
A valid Enterprise Modules license for usage.
Runs on most Linux systems.

Installing the db2_secured module

To install these modules, you can use a Puppetfile

mod 'enterprisemodules/db2_secured'               ,'x.x.x'

Then use the librarian-puppet or r10K to install the software.

You can also install the software using the puppet module command:

puppet module install enterprisemodules-db2_secured

Usage

The scope of securing your IBM DB2 database is enormous. The number of security controls in the CIS benchmark is huge. This might make you think that it is not easy to get started, but actually, it is very simple.

Enabling CIS for your database

To enable the CIS benchmark on your database, you just have to add this line to your puppet code:

db2_secured::apply_cis{'db2inst1/MYDB':
  product_version  => 'db11',
  doc_version => 'V1.0.0'
}

This will activate the CIS benchmark V1.0.0 for DB2 Version 11 on your databases DB1. The db2_secured puppet module takes care of checking all of the security settings in the benchmark and ensuring they are set in a secure way.

Skipping some controls

The scope of the CIS benchmark for IBM DB2 is pretty extensive. So extensive that enabling all controls, probably ensures that your application doesn't work anymore. So you need to customize the controls you want to enable.

There are four ways the db2_secured module allows you to skip controls.

Add a list of controls to skip when calling the db2_secured defined type.
Add db2_secured::controls::name_of_the_control: skip to your hiera data. This will skip the control on ALL databases.
Add db2_secured::controls::name_of_the_control::dbname: skip to your hiera data. This will skip the control on the database with sid dbname.
Add an entry with the content name_of_the_control to the array value db2_secured::skip_list in your hiera data.

Method 1 is a good way to create your own baseline based on the standard db2_secured code.

Method 2 and 3 are a perfect way to use when you need to override the applicability of control on an individual database or set of database. Just put this data in the hiera for this node or group of databases.

Method 4 is the perfect way to setup a base level. A level you want to be skipped on all of your databases.

You can combine all of these methods to fit your use case.

Reference

Here you can find some more information regarding this puppet module:

The db2_secured documentation

Limitations

This module runs on Linux versions. It requires a puppet version 7 or higher. The module does NOT run on windows systems.

Enterprise Modules License d.d. January 2018

This license (“License”) governs the terms and conditions under which db2_secured module (“the Software”)
is licensed by Enterprise Modules B.V, a limited liability company in the Netherlands, registered in
the Dutch Chamber of Commerce: 63689537 (“Licensor”), to the user of the Software (“Licensee”).

Article 1. Grant of license

1.1 Licensor hereby grants to Licensee the right to use the Software for its internal business
purposes.

1.2 The license granted in the previous paragraph is limited to the use on VirtualBox Virtual
machines. For further use a commercial license must be directly obtained from Licensor.

Article 2. License limitations

2.1 All right, title and interest to the Software, the accompanying documentation and all
modifications and extensions thereto rest and remain with Licensor. Licensee only has the
rights and permissions explicitly granted by this License or granted in writing otherwise.
Licensee shall not use, copy, modify, distribute or publish the Software in any other manner.
Nothing in this License is intended to, and shall not be construed to, transfer to Licensee any
rights in intellectual property developed by Licensor.

2.2 In particular, Licensee shall not:
a) provide copies of the Software to third parties, including to entities controlling,
controlled by or under common control with Licensee;
b) sublicense the Software or otherwise make available the Software to such third parties,
including by rental, Software-as-a-Service models or otherwise;
c) remove indications of Licensor as copyright holder of the Software or to remove or render
illegible any part thereof.

2.3 The Software comprises third-party open source software. The respective third-party rights
holders grant Licensee the rights indicated in the applicable open source licenses. These
licenses can be found in the documentation. The License does not apply to this open source
software, and nothing in this License shall be construed as a limitation of any right granted
under an open source license.

Article 3. Trademark

3.1 This License does not grant permission to use the trade names, trademarks, service marks, or
product names of the Licensor, except as required for reasonable and customary use in
describing the origin of the Software.

Article 4. Limitation of Liability

4.1 Licensor provides the Software on an "AS IS" basis, and expressly disclaims all conditions,
representations or warranties, express or implied, including without limitation any implied
warranties of merchantability, fitness for a particular purpose, and non-infringement of third
party rights regarding the Software. Licensor is solely responsible for determining the
appropriateness of using the Software and assume any risks associated arising out of or in
connection with the Software and this License.

4.2 Licensor shall not be liable for any damages, including consequential, special, punitive and/or
incidental damages or fines imposed by regulatory bodies, arising out of or in connection with
the Software and this License.

4.3 Licensee shall release, defend, indemnify and hold harmless Licensor from and against any and
all claims, damages and liability arising in connection with the Software, including from
claims, damages or liability from customers of Licensee.

Article 5. Miscellaneous

5.1 Licensor reserves the right to change any or all parts of this License without prior notice.

5.2 The law of the Netherlands governs this License and the terms and conditions therein.

5.3 Any disputes arising between Licensor and Licensee in connection with the License will be
settled by the competent courts in the Netherlands for the principal place of business of the
Licensor.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started

db2_secured

Partner

PDK

Version information

This version is compatible with:

Start using this module

Documentation

Table of Contents

Overview

License

Description

Benefits of InControl integration

Setup

Requirements

Installing the db2_secured module

Usage

Enabling CIS for your database

Skipping some controls

Reference

Limitations

History

08-06-2023 Version 1.0.0

03-10-2022 Version 0.4.0

02-09-2022 Version 0.3.0

06-07-2022 Version 0.1.1

01-07-2022 Version 0.1.0

Dependencies