Rule ID
SV-279331r1179501_rule
Version
V1R1
CCIs
Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful denial-of-service (DoS) attack by exhausting connection resources; and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks. This requirement addresses concurrent session control for the total number of sessions across all accounts. (Sessions may also be referred to as connections or logons, which for the purposes of this requirement are synonyms.)
Mongo can limit the total number of connections. Verify the MongoDB configuration file (default location: /etc/mongod.conf) contains the following: net: maxIncomingConnections: %int% If this parameter is not present, or the OS is not used to limit connections, this is a finding.
MongoDB can limit the total number of connections served by the mongod process by setting the following in the MongoDB configuration file (default location: /etc/mongod.conf): net: maxIncomingConnections: %int% Refer to the following documentation: https://www.mongodb.com/docs/manual/reference/configuration-options/ Products outside of MongoDB can be used to monitor database sessions and limit the maximum number of connections that can be made. Alternatively, most Unix-like operating systems, including Linux and macOS, provide ways to limit and control the usage of system resources such as threads, files, and network connections on a per-process and per-user basis. These ulimits prevent single users from using too many system resources. The following is the MongoDB documentation regarding these user limits: https://www.mongodb.com/docs/manual/reference/ulimit/.