MongoDB

Configure a MongoDB datasource on your Guardium® system.

Supported Authentication Methods

Authentication method: Supported
Local user: Yes
LDAP: Yes
Kerberos: Yes
SSL: Yes
Mutual SSL: Yes

Parameters

Field: Description
Host Name/IP: Required. The hostname or IP address of the datasource.
Port number: Required. Default value: 27017.
Database: The name of the database.
Connection property: Properties that must be included in the JDBC URL to establish a JDBC connection with the datasource. The required format is property1=value;property2=value, where each property and value pair is separated by a semicolon.
For examples, refer to the database vendor's JDBC documentation.

Examples:

  • streamType=nio2|netty: The stream type to use for connections. If unspecified, nio2 is used.
  • sslInvalidHostNameAllowed=true|false: Specify whether invalid hostnames for SSL are allowed or not.
  • connections.connectTimeoutMS=ms: How long a connection can take to open before it times out.
  • socketTimeoutMS=ms: How long a send or receive on a socket can take before it times out.
  • maxIdleTimeMS=ms: Maximum idle time of a pooled connection. A connection that exceeds this limit is closed.
  • maxLifeTimeMS=ms: Maximum life time of a pooled connection. A connection that exceeds this limit is closed.
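
A pre-save check for the connection property string described above, as an added example that is not part of the Guardium documentation or product code. It validates only the properties listed on this page and reports sslInvalidHostNameAllowed=true, which accepts a server certificate whose hostname does not match; the function names, the finding wording, and the choice to leave other properties unflagged are assumptions.

```python
import re

# Added example: lint a Guardium "Connection property" string before saving it.
# Property names and allowed values are the ones listed on this page; the
# function names, finding wording and pass-through of other properties are
# assumptions made for illustration.
STREAM_TYPES = {"nio2", "netty"}
MS_PROPERTIES = {"connections.connectTimeoutMS", "socketTimeoutMS",
                 "maxIdleTimeMS", "maxLifeTimeMS"}


def parse_properties(text):
    """Split 'property1=value;property2=value' into (pairs, findings)."""
    pairs, findings = {}, []
    for chunk in text.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue  # tolerate an empty segment such as a trailing semicolon
        name, sep, value = chunk.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            findings.append(f"malformed pair: {chunk!r}")
        elif name in pairs:
            findings.append(f"duplicate property: {name}")
        else:
            pairs[name] = value
    return pairs, findings


def lint_connection_properties(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    pairs, findings = parse_properties(text)
    for name, value in pairs.items():
        if name == "streamType" and value not in STREAM_TYPES:
            findings.append(f"streamType must be nio2 or netty, got {value!r}")
        elif name == "sslInvalidHostNameAllowed":
            if value not in ("true", "false"):
                findings.append(f"sslInvalidHostNameAllowed must be true or false, got {value!r}")
            elif value == "true":
                findings.append("sslInvalidHostNameAllowed=true: server certificate "
                                "hostname mismatches are accepted")
        elif name in MS_PROPERTIES and not re.fullmatch(r"[0-9]+", value):
            findings.append(f"{name} must be a whole number of milliseconds, got {value!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = "streamType=netty;sslInvalidHostNameAllowed=true;socketTimeoutMS=30s"
    for finding in lint_connection_properties(sample):
        print("FINDING:", finding)
```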

CAS (Configuration Auditing System) database instance

If you are a CAS user, configure the CAS database instance.

Important: To allow CAS scripts to run successfully as the MONGOD user, you must change the login shell in that user's /etc/passwd entry from /bin/false to /bin/bash. With this change, you can see data in the predefined CAS Saved Data report and avoid a potential No CAS Data result in your vulnerability assessment.

Field: Description
Account: The name of the account owner.
Examples:
  • mongodb
  • mongos
Directory: The name of the installation directory.

You can specify multiple paths for the database instance directory. Separate the paths with a pipe character (|) that has a space on each side.

For example:

/var/lib/mongo | MongoBinary=/usr/bin | dbpath=/var/lib/mongo | logpath=/var/log/mongodb | keytab=/home/keytab | dbdumppath=/opt/backup | sslpath=/etc/ssl | keyfile=/home/mongod/mongo_server.keyfile

Where:
  • /var/lib/mongo is the home directory path for the MongoDB user. This entry is required.
  • MongoBinary=/usr/bin is the path to the MongoDB binary. The variable MongoBinary is case-sensitive.
  • dbpath=/var/lib/mongo is the path to the data files. In this example, it is the same as the MongoDB home directory.
  • logpath=/var/log/mongodb is the path to the MongoDB log.
  • keytab=/home/keytab is the directory that contains the MongoDB keytab file.
  • dbdumppath=/opt/backup is the directory that contains the MongoDB backup dump.
  • sslpath=/etc/ssl is the path to MongoDB SSL files.
  • keyfile=/home/mongod/mongo_server.keyfile points to the MongoDB keyfile.

You do not need to define all the paths that are listed in this example. Paths that are not defined are not analyzed.