Trustwave Database Security Knowledgebase (ShatterKB) 6.37 is now available. It introduces new checks for Redis.
New Checks - Redis
- Password same as Account name
- Description: Verify that no user accounts have passwords that are the same as the account name.
- Risk: High
- Verify that all software components that have been replaced have been removed
- Description: Verify that all software components that have been replaced by an upgrade have been removed.
- Risk: Low
- Server software version installed
- Description: Report server software version installed.
- Risk: Informational
- File Access UMASK value
- Description: Verify that the system default UMASK value is set to at least 077.
- Risk: Medium
- Verify Redis home directory for a single installed service
- Description: Verify that the Redis home directory contains a single installed Redis service.
- Risk: Low
- No patches available for version
- Description: Check the version to determine if the database is a supported version that will be patched when security vulnerabilities are discovered.
- Risk: High
- Verify 'requirepass' plaintext password match to any ACL
- Description: Verify that no user account has the same password that is used in the "requirepass" configuration parameter.
- Risk: High
- Verify proxy certificate
- Description: Verify whether the 'proxy_cert.pem' certificate exists.
- Risk: High
- Maximum Concurrent Connected Clients
- Description: Verify that the number of maximum concurrent connected clients to the database is limited to an organization-defined value.
- Risk: Medium
- High privileged account 'default' should be disabled
- Description: Verify that the 'default' account is disabled or removed.
- Risk: Medium
- Ensure Audit rsyslog logging is enabled
- Description: Verify that audit logging is enabled and configured.
- Risk: Medium
- Latest patch not applied
- Description: Verify that the latest patches are applied to the database.
- Risk: High
- Verify user for a single password
- Description: Verify that each user has only one password set.
- Risk: Medium
- Ensure the --askpass parameter is used every time with redis-cli
- Description: Ensure the --askpass parameter is used every time the redis-cli tool is executed.
- Risk: High
- Credential Verification
- Description:
- Risk: Informational
- Review User accounts Access Control List (ACL) assignments
- Description: Verify that existing ACLs are still appropriate to business concerns.
- Risk: Medium
- Ensure Logrotate is configured
- Description: Ensure the 'logrotate.conf' is configured for Redis.
- Risk: Medium
- List of all databases on the instance
- Description: Reports the list of all databases on the instance.
- Risk: Informational
- Ensure the database partition is encrypted
- Description: Verify the operating system implements encryption to protect the confidentiality and integrity of information at rest.
- Risk: High
- Verify users with database access are not members of the 'dangerous' role
- Description: Verify that users with database access are not members of the 'dangerous' role.
- Risk: Medium
- Verify OpenSSL version and FIPS state
- Description: Verify that the installed OpenSSL library is FIPS compliant.
- Risk: High
- Verify active ports on the server
- Description: Verify which network ports are active on the server.
- Risk: Medium
- Ensure user accounts have a password set
- Description: Verify that no accounts have blank passwords.
- Risk: High
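Several of the ACL checks listed above (the 'default' account being enabled, blank passwords, more than one password per user, a password equal to the account name, and reuse of the 'requirepass' secret) can be reproduced from the output of `ACL LIST`, which reports each user's passwords as SHA-256 hashes. The script below is an added example, not ShatterKB's own check logic; the `ACL LIST` lines and the 'requirepass' value are constructed, and skipping 'default' in the requirepass comparison is an assumption based on Redis 6+ deriving the default user's password from 'requirepass'.

```python
import hashlib


def sha256_hex(text: str) -> str:
    """Redis stores ACL passwords as the hex SHA-256 of the cleartext."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample input (not captured from a real server): lines as returned
# by `ACL LIST`, plus the value returned by `CONFIG GET requirepass`.
SAMPLE_ACL_LIST = [
    "user default on nopass ~* &* +@all",                          # enabled, no password
    f"user app on #{sha256_hex('app')} ~app:* &* -@all +get +set",  # password == name
    f"user batch on #{sha256_hex('pw-one')} #{sha256_hex('pw-two')} ~* &* +@read",
    f"user svc on #{sha256_hex('s3cret')} ~* &* +@all",            # reuses requirepass
]
SAMPLE_REQUIREPASS = "s3cret"


def parse_acl_list(lines):
    """Map user name -> enabled flag, nopass flag and list of password hashes."""
    users = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or fields[0] != "user":
            continue
        users[fields[1]] = {
            "enabled": "on" in fields[2:],
            "nopass": "nopass" in fields[2:],
            "hashes": [f[1:] for f in fields[2:] if f.startswith("#")],
        }
    return users


def audit_acl(lines, requirepass):
    """Return (finding, user) pairs for the ACL weaknesses the checks describe."""
    findings = []
    # Assumption: requirepass is also the 'default' user's password (Redis 6+),
    # so 'default' is skipped when looking for other accounts reusing it.
    rp_hash = sha256_hex(requirepass) if requirepass else None
    for name, u in parse_acl_list(lines).items():
        if name == "default" and u["enabled"]:
            findings.append(("default-account-enabled", name))
        if u["enabled"] and u["nopass"]:
            findings.append(("blank-password", name))
        if len(u["hashes"]) > 1:
            findings.append(("multiple-passwords", name))
        if sha256_hex(name) in u["hashes"]:
            findings.append(("password-equals-account-name", name))
        if rp_hash and name != "default" and rp_hash in u["hashes"]:
            findings.append(("requirepass-reused", name))
    return findings


if __name__ == "__main__":
    for finding, user in audit_acl(SAMPLE_ACL_LIST, SAMPLE_REQUIREPASS):
        print(f"{finding}: {user}")
```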
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download the SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/Company/Support/, then select AppDetectivePRO or DbProtect).
- AppDetectivePRO customers can use the Updater within the product as well.