MongoDB must protect its audit features from unauthorized access.

[nwwatson]

Run these commands:

chown mongod <MongoDB configuration file>
chgrp mongod <MongoDB configuration file>
chmod 600 <MongoDB configuration file>

(The name and location for the MongoDB configuration file will vary according to local circumstances. The default name and location is /etc/mongod.conf.)

Using the default name and location the commands would be:

chown mongod /etc/mongod.conf  
chgrp  mongod /etc/mongod.conf  
chmod 660 /etc/mongod.conf 

The output of the command

stat /etc/mongod.conf

should look similar to the following for a correctly owned and permissioned MongoDB configuration file (default /etc/mongod.conf):

stat /etc/mongod.conf
  File: ‘/etc/mongod.conf’
  Size: 1034              Blocks: 8          IO Block: 4096   regular file
Device: 802h/2050d        Inode: 16340       Links: 1
Access: (0660/-rw-rw----)  Uid: (  997/  mongod)   Gid: (  996/  mongod)
Context: system_u:object_r:etc_t:s0
Access: 2020-03-16 14:15:17.777000000 -0400
Modify: 2020-03-16 12:50:45.567000000 -0400
Change: 2020-03-16 14:27:32.451000000 -0400
 Birth: -

[nwwatson]

Need to check the permissions on this. First section of shell chmod's to 600, second chmod's to 660.

[nwwatson]

Also mentions /etc/mongod.conf have permissions of 600 in MD7X-00-002700

[nwwatson]

addresses MD7X-00-005500

[nwwatson]

addresses MD7X-00-005600