MongoDB Syntax

The syntax for this plugin's audit items is as follows:

<custom_item>
  description: "MongoDB - single_user_in_any_database"
  mongo_function: "single_user_in_any_database"
  known_good: "no single-user databases"
</custom_item>

<custom_item>
  description: "MongoDB - matching_hashes"
  mongo_function: "matching_hashes"
  known_good: "no matching hashes"
</custom_item>

<custom_item>
  description: "MongoDB - user_can_eval"
  mongo_function: "user_can_eval"
  known_good: "no user can run eval commands"
</custom_item>

A MongoDB audit can also support custom checks:

<custom_item>
  description: "Require Authentication - DB Users - 'User authenticated by MONGODB-CR'"
  collection: "admin.system.users"
  query: '{"credentials.MONGODB-CR": {"$exists": 1}}'
  fieldsSelector: '{"_id": 0, "user" : 1}'
  regex: "user"
</custom_item>
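To see which accounts the custom check above selects, the following added example (not Tenable's or the plugin's own code) applies the item's query and fieldsSelector to constructed admin.system.users documents using a small offline subset of MongoDB find() semantics. The page does not say how the plugin evaluates regex, so applying it to each projected document's JSON text is an assumption, as are all function names.

```python
import json
import re

# Constructed sample documents shaped like entries in admin.system.users.
SAMPLE_USERS = [
    {"_id": "admin.legacy_app", "user": "legacy_app", "db": "admin",
     "credentials": {"MONGODB-CR": "<constructed-hash>"}},
    {"_id": "admin.ops", "user": "ops", "db": "admin",
     "credentials": {"SCRAM-SHA-1": {"iterationCount": 10000}}},
    {"_id": "admin.migrated", "user": "migrated", "db": "admin",
     "credentials": {"MONGODB-CR": "<constructed-hash>",
                     "SCRAM-SHA-1": {"iterationCount": 10000}}},
]

_MISSING = object()

def get_path(doc, dotted):
    """Resolve a dotted field path such as 'credentials.MONGODB-CR'."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return _MISSING
        cur = cur[part]
    return cur

def matches(doc, query):
    """Subset of find() filter semantics: equality and $exists only."""
    for path, cond in query.items():
        value = get_path(doc, path)
        if isinstance(cond, dict) and "$exists" in cond:
            if bool(cond["$exists"]) != (value is not _MISSING):
                return False
        elif value is _MISSING or value != cond:
            return False
    return True

def project(doc, selector):
    """Inclusion projection on top-level fields; _id is kept unless set to 0."""
    keep = {k for k, v in selector.items() if v and k != "_id"}
    if selector.get("_id", 1):
        keep.add("_id")
    return {k: v for k, v in doc.items() if k in keep}

def run_custom_item(docs, query, fields_selector, regex):
    """Assumed evaluation: keep projected rows whose JSON text matches regex."""
    q, sel = json.loads(query), json.loads(fields_selector)
    rows = [project(d, sel) for d in docs if matches(d, q)]
    return [r for r in rows if re.search(regex, json.dumps(r))]

FLAGGED = run_custom_item(SAMPLE_USERS,
    '{"credentials.MONGODB-CR": {"$exists": 1}}', '{"_id": 0, "user" : 1}', "user")
```

An account that also holds SCRAM credentials is still returned, because the query only tests whether the MONGODB-CR field exists.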