DOCSLIB.ORG

DB2 Security and Compliance Solutions for Linux, UNIX, and Windows

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
DB2 Security and Compliance Solutions for Linux, UNIX, and Windows Front cover DB2 Security and Compliance Solutions for Linux, UNIX, and Windows Understand DB2 security concepts and technologies Learn security implementation by examples Protect your data with DB2 security features Whei-Jen Chen Ivo Rytir Paul Read Rafat Odeh ibm.com/redbooks International Technical Support Organization DB2 Security and Compliance Solutions for Linux, UNIX, and Windows March 2008 SG24-7555-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (March 2008) This edition applies to DB2 9.5 for Linux, UNIX, and Widows. © Copyright International Business Machines Corporation 2008. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this book . ix Acknowledgements . x Become a published author . xi Comments welcome. xii Chapter 1. DB2 security overview . 1 1.1 DB2 security compliance. 2 1.2 DB2 security model . 4 1.2.1 Authentication . 5 1.2.2 Authorization . 6 1.2.3 DB2 security plug-ins . 11 1.2.4 LBAC. 16 1.2.5 DB2 database roles. 17 1.2.6 Trusted contexts and trusted connections . 18 1.2.7 Data encryption . 19 1.2.8 Auditing . 20 1.2.9 DB2 security tools . 22 Chapter 2. SYSADM, DBADM, SECADM, and OS authorities . 25 2.1 Primary DB2 security authorities . 26 2.1.1 SYSADM authority . 26 2.1.2 DBADM authority . 33 2.1.3 SECADM authority . 39 2.2 Operating system authorities and DB2 . 41 Chapter 3. Roles . 47 3.1 Definition of a role . 48 3.2 Scenario - basic setup. 49 3.3 Planning . 50 3.4 Setup and configuration of roles . 51 3.4.1 Create roles. 52 3.4.2 Assign privileges . 55 3.4.3 Granting membership to roles. 57 3.4.4 Maintenance and administration of roles . 59 3.5 Comparisons with roles and groups . 62 © Copyright IBM Corp. 2008. All rights reserved. iii 3.6 Considerations . 64 Chapter 4. Trusted contexts and connections . 67 4.1 lDefinition of trusted contexts . 68 4.2 Setup and configuration . 70 4.2.1 Trusted context statement. 71 4.2.2 Using trusted contexts. 71 4.2.3 Administering . 74 4.3 User ID switching within trusted connections . 75 4.4 Role membership inheritance . 77 4.5 Switching user roles considerations . 79 4.6 Problem determination . 80 Chapter 5. Label-based access control. 83 5.1 Overview . 84 5.1.1 LBAC enhancements in DB2 9.5 . 85 5.2 Security label components . 86 5.2.1 SET . 87 5.2.2 ARRAY . 88 5.2.3 TREE. 89 5.3 Security policies . 90 5.3.1 Policies and rules . 91 5.4 Security labels . 93 5.5 Set up LBAC . 95 5.5.1 Creating a security label component. 96 5.5.2 Create a security policy. 97 5.5.3 Create a security label . 97 5.5.4 Secure table with LBAC . 98 5.5.5 Maintenance and administration . 112 Chapter 6. Auditing . 117 6.1 db2audit. 118 6.1.1 Concept. 118 6.1.2 Changes for DB2 9.5. 118 6.2 Audit policies . 120 6.2.1 Audit categories . 122 6.3 Audit statement . 123 6.3.1 Auditable objects. 124 6.4 Setup and configuration . 126 6.4.1 db2audit files . 126 6.4.2 Instance. 129 6.4.3 Database. 130 6.4.4 Table . 131 6.4.5 User, role, and group . 131 iv DB2 Security and Compliance Solutions for Linux, UNIX, and Windows 6.5 Audit data . 132 6.5.1 Archive . 132 6.5.2 Extract . 133 6.5.3 Load . ..
Load more

Recommended publications
  • Administering Unidata on UNIX Platforms
    C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta UniData Administering UniData on UNIX Platforms UDT-720-ADMU-1 C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Notices Edition Publication date: July, 2008 Book number: UDT-720-ADMU-1 Product version: UniData 7.2 Copyright © Rocket Software, Inc. 1988-2010. All Rights Reserved. Trademarks The following trademarks appear in this publication: Trademark Trademark Owner Rocket Software™ Rocket Software, Inc. Dynamic Connect® Rocket Software, Inc. RedBack® Rocket Software, Inc. SystemBuilder™ Rocket Software, Inc. UniData® Rocket Software, Inc. UniVerse™ Rocket Software, Inc. U2™ Rocket Software, Inc. U2.NET™ Rocket Software, Inc. U2 Web Development Environment™ Rocket Software, Inc. wIntegrate® Rocket Software, Inc. Microsoft® .NET Microsoft Corporation Microsoft® Office Excel®, Outlook®, Word Microsoft Corporation Windows® Microsoft Corporation Windows® 7 Microsoft Corporation Windows Vista® Microsoft Corporation Java™ and all Java-based trademarks and logos Sun Microsystems, Inc. UNIX® X/Open Company Limited ii SB/XA Getting Started The above trademarks are property of the specified companies in the United States, other countries, or both. All other products or services mentioned in this document may be covered by the trademarks, service marks, or product names as designated by the companies who own or market them. License agreement This software and the associated documentation are proprietary and confidential to Rocket Software, Inc., are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice.
    [Show full text]
  • Oracle Solaris: the Carrier-Grade Operating System Technical Brief
    An Oracle White Paper February 2011 Oracle Solaris: The Carrier-Grade Operating System Oracle White Paper—Oracle Solaris: The Carrier-Grade OS Executive Summary.............................................................................1 ® Powering Communication—The Oracle Solaris Ecosystem..............3 Integrated and Optimized Stack ......................................................5 End-to-End Security ........................................................................5 Unparalleled Performance and Scalability.......................................6 Increased Reliability ........................................................................7 Unmatched Flexibility ......................................................................7 SCOPE Alliance ..............................................................................7 Security................................................................................................8 Security Hardening and Monitoring .................................................8 Process and User Rights Management...........................................9 Network Security and Encrypted Communications .......................10 Virtualization ......................................................................................13 Oracle VM Server for SPARC .......................................................13 Oracle Solaris Zones .....................................................................14 Virtualized Networking...................................................................15
    [Show full text]
  • 802.11N Support in Freebsd (For the Run(4) Driver)
    802.11n support in FreeBSD (for the run(4) driver) 15412 F’19 1 / 15 Motivation ● “Do something with operating systems” – OS Junkie: Ubuntu → Fedora → Arch Linux → Gentoo → FreeBSD ● Do something for the community – So much free (not free as in free beer) software out there for use – Time to give something back! ● Faster WiFi doesn’t hurt – Makes FreeBSD more usable ● Less angry users: “But this works on Lunix!” 2 / 15 FreeBSD ● Open source, UNIX ● Official webpage: freebsd.org ● Large, helpful community – IRC Channels on Freenode (#freebsd) – Forums (forums.freebsd.org) – Mailing lists (lists.freebsd.org) ● Latest Release: FreeBSD 12 (2018) 3 / 15 802.11 ● IEEE 802.11: Standard for WiFi – 802.11b: 2.4GHz, Max rate 11 Mbps, range 150 ft., Year 1999 – 802.11g: 2.4 GHz, Max rate 54 Mbps, range 150 ft., Year 2003 – 802.11n: 2.4GHz or 5 GHz, Max rate 300 Mbps (single antenna), 450 Mbps (MIMO), range 175 ft., Year 2009 4 / 15 Ralink ● Produces WiFi chips – See https://wikidevi.com/wiki/Ralink for list of chips ● Linux driver: rt2800usb (USB Ralink 802.11n devices) ( https://wiki.debian.org/rt2800usb). ● FreeBSD driver: run (see https://www.freebsd.org/cgi/man.cgi?run(4) ) – Caveats : “The run driver does not support any of the 802.11n capabilities offered by the RT2800, RT3000 and RT3900 chipsets.“ 5 / 15 Existing code base ● The run driver supports several chipsets and adapters (such as ASUS USB N-66) but without support for 802.11n – This means reduced speeds – This means it will misbehave when you turn on your microwave ● run(4) also has annoying ‘device timeout’ errors where the card stops responding.
    [Show full text]
  • SMART: Making DB2 (More) Autonomic
    SMART: Making DB2 (More) Autonomic Guy M. Lohman Sam S. Lightstone IBM Almaden Research Center IBM Toronto Software Lab K55/B1, 650 Harry Rd. 8200 Warden Ave. San Jose, CA 95120-6099 Markham, L6G 1C7 Ontario U.S.A. Canada [email protected] [email protected] Abstract The database community has already made many significant contributions toward autonomic systems. IBM’s SMART (Self-Managing And Resource Separating the logical schema from the physical schema, Tuning) project aims to make DB2 self- permitting different views of the same data by different managing, i.e. autonomic, to decrease the total applications, and the entire relational model of data, all cost of ownership and penetrate new markets. simplified the task of building new database applications. Over several releases, increasingly sophisticated Declarative query languages such as SQL, and the query SMART features will ease administrative tasks optimizers that made them possible, further aided such as initial deployment, database design, developers. But with the exception of early research in system maintenance, problem determination, and the late 1970s and early 1980s on database design ensuring system availability and recovery. algorithms, little has been done to help the beleaguered database administrator (DBA) until quite recently, with 1. Motivation for Autonomic Databases the founding of the AutoAdmin project at Microsoft [http://www.research.microsoft.com/dmx/autoadmin/] and While Moore’s Law and competition decrease the per-unit the SMART project at IBM, described herein. cost of hardware and software, the shortage of skilled professionals that can comprehend the growing complexity of information technology (IT) systems 2.
    [Show full text]
  • Minutes of the January 25, 2010, Meeting of the Board of Regents
    MINUTES OF THE JANUARY 25, 2010, MEETING OF THE BOARD OF REGENTS ATTENDANCE This scheduled meeting of the Board of Regents was held on Monday, January 25, 2010, in the Regents’ Room of the Smithsonian Institution Castle. The meeting included morning, afternoon, and executive sessions. Board Chair Patricia Q. Stonesifer called the meeting to order at 8:31 a.m. Also present were: The Chief Justice 1 Sam Johnson 4 John W. McCarter Jr. Christopher J. Dodd Shirley Ann Jackson David M. Rubenstein France Córdova 2 Robert P. Kogod Roger W. Sant Phillip Frost 3 Doris Matsui Alan G. Spoon 1 Paul Neely, Smithsonian National Board Chair David Silfen, Regents’ Investment Committee Chair 2 Vice President Joseph R. Biden, Senators Thad Cochran and Patrick J. Leahy, and Representative Xavier Becerra were unable to attend the meeting. Also present were: G. Wayne Clough, Secretary John Yahner, Speechwriter to the Secretary Patricia L. Bartlett, Chief of Staff to the Jeffrey P. Minear, Counselor to the Chief Justice Secretary T.A. Hawks, Assistant to Senator Cochran Amy Chen, Chief Investment Officer Colin McGinnis, Assistant to Senator Dodd Virginia B. Clark, Director of External Affairs Kevin McDonald, Assistant to Senator Leahy Barbara Feininger, Senior Writer‐Editor for the Melody Gonzales, Assistant to Congressman Office of the Regents Becerra Grace L. Jaeger, Program Officer for the Office David Heil, Assistant to Congressman Johnson of the Regents Julie Eddy, Assistant to Congresswoman Matsui Richard Kurin, Under Secretary for History, Francisco Dallmeier, Head of the National Art, and Culture Zoological Park’s Center for Conservation John K.
    [Show full text]
  • Introduction to Unix
    Introduction to Unix Rob Funk <[email protected]> University Technology Services Workstation Support http://wks.uts.ohio-state.edu/ University Technology Services Course Objectives • basic background in Unix structure • knowledge of getting started • directory navigation and control • file maintenance and display commands • shells • Unix features • text processing University Technology Services Course Objectives Useful commands • working with files • system resources • printing • vi editor University Technology Services In the Introduction to UNIX document 3 • shell programming • Unix command summary tables • short Unix bibliography (also see web site) We will not, however, be covering these topics in the lecture. Numbers on slides indicate page number in book. University Technology Services History of Unix 7–8 1960s multics project (MIT, GE, AT&T) 1970s AT&T Bell Labs 1970s/80s UC Berkeley 1980s DOS imitated many Unix ideas Commercial Unix fragmentation GNU Project 1990s Linux now Unix is widespread and available from many sources, both free and commercial University Technology Services Unix Systems 7–8 SunOS/Solaris Sun Microsystems Digital Unix (Tru64) Digital/Compaq HP-UX Hewlett Packard Irix SGI UNICOS Cray NetBSD, FreeBSD UC Berkeley / the Net Linux Linus Torvalds / the Net University Technology Services Unix Philosophy • Multiuser / Multitasking • Toolbox approach • Flexibility / Freedom • Conciseness • Everything is a file • File system has places, processes have life • Designed by programmers for programmers University Technology Services
    [Show full text]
  • Qualys Policy Compliance Getting Started Guide
    Policy Compliance Getting Started Guide July 28, 2021 Verity Confidential Copyright 2011-2021 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. Qualys, Inc. 919 E Hillsdale Blvd Foster City, CA 94404 1 (650) 801 6100 Table of Contents Get Started ........................................................................................................ 5 Set Up Assets............................................................................................................................ 6 Start Collecting Compliance Data ............................................................... 8 Configure Authentication....................................................................................................... 8 Launch Compliance Scans ................................................................................................... 10 We recommend you schedule scans to run automatically .............................................. 12 How to configure scan settings............................................................................................ 12 Install Cloud Agents.............................................................................................................. 17 Evaluate Middleware Assets by Using Cloud Agent .......................................................... 17 Define Policies ................................................................................................. 21
    [Show full text]
  • Unix/Linux Command Reference
    Unix/Linux Command Reference .com File Commands System Info ls – directory listing date – show the current date and time ls -al – formatted listing with hidden files cal – show this month's calendar cd dir - change directory to dir uptime – show current uptime cd – change to home w – display who is online pwd – show current directory whoami – who you are logged in as mkdir dir – create a directory dir finger user – display information about user rm file – delete file uname -a – show kernel information rm -r dir – delete directory dir cat /proc/cpuinfo – cpu information rm -f file – force remove file cat /proc/meminfo – memory information rm -rf dir – force remove directory dir * man command – show the manual for command cp file1 file2 – copy file1 to file2 df – show disk usage cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it du – show directory space usage doesn't exist free – show memory and swap usage mv file1 file2 – rename or move file1 to file2 whereis app – show possible locations of app if file2 is an existing directory, moves file1 into which app – show which app will be run by default directory file2 ln -s file link – create symbolic link link to file Compression touch file – create or update file tar cf file.tar files – create a tar named cat > file – places standard input into file file.tar containing files more file – output the contents of file tar xf file.tar – extract the files from file.tar head file – output the first 10 lines of file tar czf file.tar.gz files – create a tar with tail file – output the last 10 lines
    [Show full text]
  • Lecture 1: Introduction to UNIX
    The Operating System Course Overview Getting Started Lecture 1: Introduction to UNIX CS2042 - UNIX Tools September 29, 2008 Lecture 1: UNIX Intro The Operating System Description and History Course Overview UNIX Flavors Getting Started Advantages and Disadvantages Lecture Outline 1 The Operating System Description and History UNIX Flavors Advantages and Disadvantages 2 Course Overview Class Specifics 3 Getting Started Login Information Lecture 1: UNIX Intro The Operating System Description and History Course Overview UNIX Flavors Getting Started Advantages and Disadvantages What is UNIX? One of the first widely-used operating systems Basis for many modern OSes Helped set the standard for multi-tasking, multi-user systems Strictly a teaching tool (in its original form) Lecture 1: UNIX Intro The Operating System Description and History Course Overview UNIX Flavors Getting Started Advantages and Disadvantages A Brief History of UNIX Origins The first version of UNIX was created in 1969 by a group of guys working for AT&T's Bell Labs. It was one of the first big projects written in the emerging C language. It gained popularity throughout the '70s and '80s, although non-AT&T versions eventually took the lion's share of the market. Predates Microsoft's DOS by 12 years! Lecture 1: UNIX Intro The Operating System Description and History Course Overview UNIX Flavors Getting Started Advantages and Disadvantages Lecture Outline 1 The Operating System Description and History UNIX Flavors Advantages and Disadvantages 2 Course Overview Class Specifics 3
    [Show full text]
  • Command-Line Sound Editing Wednesday, December 7, 2016
    21m.380 Music and Technology Recording Techniques & Audio Production Workshop: Command-line sound editing Wednesday, December 7, 2016 1 Student presentation (pa1) • 2 Subject evaluation 3 Group picture 4 Why edit sound on the command line? Figure 1. Graphical representation of sound • We are used to editing sound graphically. • But for many operations, we do not actually need to see the waveform! 4.1 Potential applications • • • • • • • • • • • • • • • • 1 of 11 21m.380 · Workshop: Command-line sound editing · Wed, 12/7/2016 4.2 Advantages • No visual belief system (what you hear is what you hear) • Faster (no need to load guis or waveforms) • Efficient batch-processing (applying editing sequence to multiple files) • Self-documenting (simply save an editing sequence to a script) • Imaginative (might give you different ideas of what’s possible) • Way cooler (let’s face it) © 4.3 Software packages On Debian-based gnu/Linux systems (e.g., Ubuntu), install any of the below packages via apt, e.g., sudo apt-get install mplayer. Program .deb package Function mplayer mplayer Play any media file Table 1. Command-line programs for sndfile-info sndfile-programs playing, converting, and editing me- Metadata retrieval dia files sndfile-convert sndfile-programs Bit depth conversion sndfile-resample samplerate-programs Resampling lame lame Mp3 encoder flac flac Flac encoder oggenc vorbis-tools Ogg Vorbis encoder ffmpeg ffmpeg Media conversion tool mencoder mencoder Media conversion tool sox sox Sound editor ecasound ecasound Sound editor 4.4 Real-world
    [Show full text]
  • Onsite Program
    2015 ASAP Global Alliance Summit Collaboration at the Core: Forging the Future of Partnering Onsite Program March 2 – 5, 2015 Orlando, Florida Hyatt Regency Orlando www.strategic-alliances.org/summit +1-774-256-1401 Platinum Sponsor Gold Sponsor Silver Sponsors Table of Contents Welcome to the 2015 ASAP Global Alliance Summit . .3 ASAP Executive Committee & Management Board & ASAP Program Committee . .4 Social Media Outlets & ASAP Global Staff . .5 Conference Agenda . .6 ASAP Global Members & Corporate Members . .11 Summit Sponsor Recognition . .12 ASAP Executive, Management & Advisory Board of Directors . .13 Overview of Sessions . .14 Alliance Excellence Awards Finalists . .16 Pre-Conference Professional Development Workshops . .18 Monday Session Descriptions . .21 Tuesday Session Descriptions . .22 Wednesday Session Descriptions . .27 Alliance Management Resource Center . .34 Conference Speakers . .36 2015 ASAP BioPharma Conference Call For Topics . .51 Floor Plan . .53 2 Stay up to date at www.strategic-alliances.org I March 2 – 5, 2015 I Orlando, Florida USA Welcome to the 2015 ASAP Global Alliance Summit On behalf of the Board of Directors and staff of the Association of Strategic Alliance Professionals, welcome to our 2015 Global Alliance Summit. We invite you to take the next three days to learn, engage, and experience the best the profession has to offer! We invite you to fully participate in this highly interactive experience where the learning comes as much from those assembled as from the many top-flight speakers and discussion leaders. Connect with your peers, partners, and industry executives to learn how others are confronting the challenges of our ever-changing business environment and forging the future of partnering.
    [Show full text]
  • BSD UNIX Toolbox 1000+ Commands for Freebsd, Openbsd
    76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page i BSD UNIX® TOOLBOX 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iv BSD UNIX® Toolbox: 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD® Power Users Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-37603-4 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Library of Congress Cataloging-in-Publication Data is available from the publisher. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permis- sion should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
    [Show full text]