Couchbase
Configure a Couchbase datasource on your Guardium® system.
You must configure one datasource per Couchbase instance.
Supported Authentication Methods
| Authentication | Supported |
|---|---|
| Local user | Yes |
| LDAP | Yes |
| Kerberos | No |
| SSL | No |
| Mutual SSL | Yes |
Steps to create, configure, and import the SSL client certificate into your Guardium system
- Use the Couchbase online documentation to setup Couchbase Server’s support of X.509 certificates.
- When you configure the server certificates, create a customized certificate extensions file, which adds the node constraints to the generic constraints that are already specified. Add both IP and DNS with hostname to the subjectAltName to avoid getting an error. For example: echo "subjectAltName = IP:9.42.32.60,DNS:dba-informix02.rtp.raleigh.ibm.com" \>> ./server.ext.tmp.
- Use the Couchbase online documentation to create an SSL client certificate to import into your Guardium system. The SSL client certificate must contain the client certificate and its private key.
- Create an SSL Datasource on your Guardium system.
Parameters
| Field | Description |
|---|---|
| Host Name/IP | Required. The hostname or IP address of the datasource. |
| Port number | Required. Default value: 8091 When you connect using custom ports, use the externally visible ports on the client side. For cluster manager ports, enter the custom port number. For custom query service port (kv port) enter the custom value in the Connection property field by using the format in this example: customKvPort=11214 |
| Database | The name of the database.
If LDAP authentication is used, specify a valid bucket name for the database.
Note: All the
Couchbase vulnerability assessment tests are configuration tests and privilege tests. The tests do
not scan or access any data that's stored in a bucket.
|
| Connection property | Properties that must be included in the JDBC URL to establish a JDBC
connection with the datasource. The required format is
property1=value;property2=value, where each property and value pair is
separated by a semicolon. For examples, refer to the database vendor's JDBC documentation. |
CAS (Configuration Auditing System) database instance
If you are a CAS user, configure the CAS database instance.
| Field | Description |
|---|---|
| Account | For the default installation of Couchbase, enter the "root" user. For a non-root or non-sudo installation, enter the OS user account. |
| Directory | The name of the installation directory.
You can specify multiple paths for the database instance directory. Indicate a separate path by
using a pipe For example: /root|installpath=opt/couchbase. Where: /root is the instance account directory. installpath=opt/couchbase is the installation directory. When you install Couchbase with an RPM package, you must have root or sudo privileges. It is likely that the home directory of root user /root is the instance account directory. For a non-root or non-sudo installation, the instance account directory is the home directory of the OS user account under which Couchbase is installed. When you install Couchbase with an RPM package, the installation directory is /opt/couchbase by default. For a non-root or non-sudo installation, enter the path to the installation location. For example: /home/cb651/cb/opt/couchbase. |