Security - Red Hat vs Percona MongoDB

My SA team installed the RPM package (Percona's MongoDB) on Red Hat 7. It sets the permission and owner on the mongod.conf file as follows (644):
rw-r--r-- root root /etc/mongod.conf

I asked the SA to change it as below, but the SA doesn't want to change it. I am told that the Red Hat STIG requires the file (mongod.conf) permission to be set to 644 (set by the rpm package) with user:group as root:root (rw-r--r-- root root /etc/mongod.conf). If he changes it, the SA will get a CAT 1.
This is a conflict between the Red Hat and MongoDB STIGs. Could you please give me some advice? Should I go with the SA STIG or the DB STIG? Or how do I fix this problem?

from:
rw-r--r-- root root /etc/mongod.conf
to:
rw------- mongod mongod /etc/mongod.conf
Thank you very much,
Nguyen


Hi @pnguyen
As you can see, with root:root and 644 everything works well:

[vagrant@localhost ~]$ ls -la /etc/mongod.conf
-rw-r--r--. 1 root root 1496 May 31 14:57 /etc/mongod.conf
[vagrant@localhost ~]$ sudo service mongod start
Redirecting to /bin/systemctl start mongod.service
[vagrant@localhost ~]$ sudo service mongod status
Redirecting to /bin/systemctl status mongod.service
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-08-12 10:17:03 UTC; 2s ago
  Process: 10613 ExecStart=/usr/bin/env bash -c ${NUMACTL} /usr/bin/mongod ${OPTIONS} > ${STDOUT} 2> ${STDERR} (code=exited, status=0/SUCCESS)
  Process: 10591 ExecStartPre=/usr/bin/percona-server-mongodb-helper.sh (code=exited, status=0/SUCCESS)
 Main PID: 10617 (mongod)
   CGroup: /system.slice/mongod.service
           └─10617 /usr/bin/mongod -f /etc/mongod.conf

Aug 12 10:17:02 localhost.localdomain systemd[1]: Starting High-performance, schema-free document-oriented database...
Aug 12 10:17:03 localhost.localdomain systemd[1]: Started High-performance, schema-free document-oriented database.
[vagrant@localhost ~]$