Questions on Restrict permissions for CMDB model hardening setting

Rain Vaine
Kilo Sage

‎07-01-2024 09:18 PM

Hello experts,

While browsing and investigating on the security hardening settings, it seems that the 'Restrict Permissions for CMDB Model' security center hardening is compliant even though there is nothing configured to it. See below:

RainVaine_0-1719893682984.png


When I also verified on the properties, I cannot find that property and the plugin mentioned is also not installed,

RainVaine_1-1719893724517.png

RainVaine_2-1719893740421.png

Do anyone of you know why does it show as compliant even though there is nothing configured?
I can see that this behavior is existing also in a number of PDI's

 

Regards,
Vaine



0 Helpfuls
  • 258 Views
3 REPLIES 3

Slava Savitsky
Giga Sage

‎07-02-2024 02:58 AM

The recommendation is to set that property to true IF the plugin is active. If the plugin is not active, the property does not make any difference, so in that case you are compliant regardless of its existence and/or value.


Blog: https://sys.properties | Telegram: https://t.me/sys_properties | LinkedIn: https://www.linkedin.com/in/slava-savitsky/
0 Helpfuls

Rain Vaine
Kilo Sage
In response to Slava Savitsky

‎07-03-2024 12:43 AM

Hello,
But there is an instance in Vancouver PDI with SC in 1.2.0 version with that same setting, the plugin is not active and the property is not visible, it display as non-compliant.

RainVaine_0-1719992538893.pngRainVaine_1-1719992558052.png

RainVaine_2-1719992565506.png

Regards,
Vaine



0 Helpfuls

Slava Savitsky
Giga Sage
In response to Rain Vaine

‎07-03-2024 02:26 AM

Note that in this instance there is no IF clause in the description of the setting, which suggests it uses a different logic for evaluation of compliance/non-compliance. Is this instance on the same version as the other one?


Blog: https://sys.properties | Telegram: https://t.me/sys_properties | LinkedIn: https://www.linkedin.com/in/slava-savitsky/
0 Helpfuls