Trustwave Database Security Knowledgebase (ShatterKB) 6.37 is now available. It introduces new checks for Redis.
New Checks - Redis
- Password same as Account name
Description: Verify that no user accounts have passwords that are the same as the account name.
Risk: High
- Verify that all software components that have been replaced have been removed
Description: Verify that all software components that have been replaced by upgrade have been removed.
Risk: Low
- Server software version installed
Description: Report server software version installed.
Risk: Informational
- File Access UMASK value
Description: Verify that the system default UMASK value is set to at least 077.
Risk: Medium
- Verify Redis home directory for a single installed service
Description: Verify that only a single Redis service is installed in the Redis home directory.
Risk: Low
- No patches available for version
Description: Check the version to determine if the database is a supported version that will be patched when security vulnerabilities are discovered.
Risk: High
- Verify that the 'requirepass' password does not match any ACL user password
Description: Verify that no user account uses the same password as the one set in the "requirepass" configuration parameter.
Risk: High
- Verify proxy certificate
Description: Verify if the 'proxy_cert.pem' certificate exists.
Risk: High
- Maximum Concurrent Connected Clients
Description: Verify that the number of maximum concurrent connected clients to the database is limited to an organization-defined value.
Risk: Medium
- High privileged account 'default' should be disabled
Description: Verify that the 'default' account is disabled or removed.
Risk: Medium
- Ensure Audit rsyslog logging is enabled
Description: Verify Audit logging is enabled and configured.
Risk: Medium
- Latest patch not applied
Description: Verify that the latest patches are applied to the database.
Risk: High
- Verify user for a single password
Description: Verify that the user has set only one password.
Risk: Medium
- Ensure the --askpass parameter is used every time with redis-cli
Description: Ensure the --askpass parameter is used every time the redis-cli tool is executed.
Risk: High
- Credential Verification
Description:
Risk: Informational
- Review User accounts Access Control List (ACL) assignments
Description: Verify that the existing ACL assignments are still appropriate to business needs.
Risk: Medium
- Ensure Logrotate is configured
Description: Ensure the 'logrotate.conf' is configured for Redis.
Risk: Medium
- List of all databases on the instance
Description: Reports list of all databases on the instance.
Risk: Informational
- Ensure the database partition is encrypted
Description: Verify the operating system implements encryption to protect the confidentiality and integrity of information at rest.
Risk: High
- Verify users with database access are not members of the 'dangerous' role
Description: Verify that no user with database access is a member of the 'dangerous' role.
Risk: Medium
- Verify OpenSSL version and FIPS state
Description: Verify that the installed OpenSSL library is FIPS compliant.
Risk: High
- Verify active ports on the server
Description: Verify network ports that are active on the server.
Risk: Medium
- Ensure user accounts have set password
Description: Verify that no accounts have blank passwords.
Risk: High
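Several of the account checks above (default account disabled, no blank passwords, one password per user, no reuse of the 'requirepass' value, no membership in the 'dangerous' role) can be reproduced from the output of `redis-cli ACL LIST`. The following script is an added example and is not Trustwave's check logic; it assumes Redis 6+ ACL syntax (`user <name> <flags> #<sha256-hex>... ~<key pattern> &<channel pattern> <command rules>`), models the 'dangerous' role as the `@dangerous` command category, and runs against a constructed sample rather than a live server.

```python
"""Audit `redis-cli ACL LIST` output for common Redis account weaknesses.

Example code, not Trustwave's check implementation. Assumptions: Redis 6+/7
ACL syntax; the 'dangerous' role is modelled as the @dangerous category;
requirepass is read from redis.conf by the caller and passed in.
"""
import hashlib
import re


def sha256_hex(password):
    """Redis stores ACL passwords as the hex SHA-256 of the plaintext."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed sample (not captured from a real server). requirepass is the
# password of the 'default' user, so 'default' carries the same hash.
REQUIREPASS = "S3cretPass"
SAMPLE_ACL_LIST = "\n".join([
    f"user default on #{sha256_hex(REQUIREPASS)} ~* &* +@all",
    f"user admin on #{sha256_hex(REQUIREPASS)} ~* &* +@all",
    f"user app on #{sha256_hex('app-pass-1')} #{sha256_hex('app-pass-2')} "
    "~app:* &* -@all +@read +@write -@dangerous",
    "user svc on nopass ~* &* -@all +get",
    "user retired off sanitize-payload resetchannels -@all",
])


def parse_acl_list(text):
    """Parse ACL LIST lines into dicts; tolerates interactive `1) "..."` form."""
    users = []
    for raw in text.splitlines():
        line = re.sub(r'^\s*\d+\)\s*', '', raw).strip().strip('"')
        parts = line.split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        tokens = parts[2:]
        users.append({
            "name": parts[1],
            "enabled": "on" in tokens,
            "nopass": "nopass" in tokens,
            "hashes": [t[1:] for t in tokens if t.startswith("#")],
            "rules": [t for t in tokens if t[0] in "+-"],
        })
    return users


def allows_dangerous(rules):
    """Command rules apply left to right; the last matching category wins."""
    allowed = False
    for rule in rules:
        if rule in ("+@all", "+@dangerous"):
            allowed = True
        elif rule in ("-@all", "-@dangerous"):
            allowed = False
    return allowed


def audit(acl_text, requirepass=None):
    """Return {check_name: [offending user names]}; empty list means pass."""
    users = parse_acl_list(acl_text)
    enabled = [u for u in users if u["enabled"]]
    rp_hash = sha256_hex(requirepass) if requirepass else None
    return {
        "default_enabled": [u["name"] for u in enabled if u["name"] == "default"],
        "blank_password": [u["name"] for u in enabled if u["nopass"]],
        "multiple_passwords": [u["name"] for u in users if len(u["hashes"]) > 1],
        # 'default' is excluded: requirepass *is* its password by definition.
        "requirepass_reuse": [u["name"] for u in users
                              if rp_hash and u["name"] != "default"
                              and rp_hash in u["hashes"]],
        "dangerous_commands": [u["name"] for u in enabled
                               if allows_dangerous(u["rules"])],
    }


if __name__ == "__main__":
    for check, names in audit(SAMPLE_ACL_LIST, REQUIREPASS).items():
        print(f"{check:20} {'OK' if not names else 'FAIL: ' + ', '.join(names)}")
```

To run this against a real instance, capture the listing with `redis-cli --askpass ACL LIST > acl.txt` (so the password is prompted for rather than placed in the process arguments, as the `--askpass` check above requires) and feed the file contents to `audit()` together with the `requirepass` value from redis.conf.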
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download SHATTER Knowledgebase from the Trustwave Support Portal. (https://www.trustwave.com/Company/Support/ and select AppDetectivePRO or DbProtect)
- AppDetectivePRO customers can use the Updater within the product as well.