V-220373
MarkLogic Server v9 Security Technical Implementation Guide
Title
Access to MarkLogic Server files must be limited to relevant processes and to authorized, administrative users.
Description
<VulnDiscussion>Applications, including DBMSs, must prevent unauthorized and unintended information transfer via shared system resources. Permitting only DBMS processes and authorized, administrative users to have access to the files where the database resides helps ensure those files are not shared inappropriately and are not open to backdoor access and manipulation. Encryption at rest protects data on media, that is, data at rest as opposed to data moving across a communications channel, othe...
Fix Text (Documentation Requirement)
Apply appropriate controls to protect the confidentiality and integrity of data at rest in the database. Perform the fix from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges. 1. Click the Databases icon. 2. Click the database to be fixed. 3. Select ON from the data encryption drop-down. OR Change owner and group of /var/opt/MarkLogic to user daemon from the command line with a privileged user: > chown -R daemon.daemon /var/opt/MarkLogic Change permissions of /var/opt/MarkLogic to 750 (rwx by owner only) from the command line > chmod 750 /var/opt/MarkLogic