My SA team installed the RPM package (Percona's MongoDB) on Red Hat 7, and it sets the permission and owner on the mongod.conf file as follows (644):
rw-r--r-- root root /etc/mongod.conf
I asked the SA to change it as below, but the SA doesn't want to change it. I am told that the Red Hat STIG requires the file (mongod.conf) permission to be set to 644 (set by the rpm package) with user:group as root:root (rw-r--r-- root root /etc/mongod.conf). If he changes it, the SA will get a CAT 1.
This is a conflict between the Red Hat and MongoDB STIGs. Could you please give me some advice? Should I go with the SA STIG or the DB STIG? Or how can I fix this problem?
From:
rw-r--r-- root root /etc/mongod.conf
To:
rw------- mongod mongod /etc/mongod.conf
Thank you very much,
Nguyen
Hi @pnguyen
As you can see with root:root and 644 everything works well:
[vagrant@localhost ~]$ ls -la /etc/mongod.conf
-rw-r--r--. 1 root root 1496 May 31 14:57 /etc/mongod.conf
[vagrant@localhost ~]$ sudo service mongod start
Redirecting to /bin/systemctl start mongod.service
[vagrant@localhost ~]$ sudo service mongod status
Redirecting to /bin/systemctl status mongod.service
● mongod.service - High-performance, schema-free document-oriented database
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-08-12 10:17:03 UTC; 2s ago
Process: 10613 ExecStart=/usr/bin/env bash -c ${NUMACTL} /usr/bin/mongod ${OPTIONS} > ${STDOUT} 2> ${STDERR} (code=exited, status=0/SUCCESS)
Process: 10591 ExecStartPre=/usr/bin/percona-server-mongodb-helper.sh (code=exited, status=0/SUCCESS)
Main PID: 10617 (mongod)
CGroup: /system.slice/mongod.service
└─10617 /usr/bin/mongod -f /etc/mongod.conf
Aug 12 10:17:02 localhost.localdomain systemd[1]: Starting High-performance, schema-free document-oriented database...
Aug 12 10:17:03 localhost.localdomain systemd[1]: Started High-performance, schema-free document-oriented database.
[vagrant@localhost ~]$