Each InformixDB record identifies account login credentials, database information and target hosts (IPs).
This record type is only available in accounts with PC and is only supported for policy compliance scans.
For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article:
Authentication Technologies Matrix
Only DRDA connections are supported, including "DRDA over TCP" and "DRDA over SSL/TLS", i.e. connection strings "drsoctcp", "drtlitcp", "drsocssl", "drtlissl", but not SQLI, i.e. not connection strings starting with "on".
- Review the InformixDB authentication setup guide for system and account requirements.
- Go to Scans > Authentication.
- Check that you have a Unix record already defined for the host running the database.
- Create a InformixDB record for the same host. Go to New > Databases > InformixDB.
Enter the user name to be used for authentication to InformixDB server.
Select to perform a complete SSL certificate validation. This option is only valid for servers that support SSL.
- If unchecked (the default), Qualys scanners authenticate with InformixDB servers that don't use SSL and InformixDB servers that use SSL. However, in the SSL case, the server SSL certificate verification is skipped.
- If checked, Qualys scanners will only send a login request after verifying that a connection to InformixDB server uses SSL, the server SSL certificate is valid and matches the scanned host. In this case, enter the client certificate (PEM-encoded X.509 certificate) and client key (PEM-encoded X.509 RSA private key) on the Private Key / Certificate tab while creating Unix record.
A list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.
Tell us the database name to authenticate to, the unique name of the database server and the port used for DRDA communication the database is running on. We provide default settings for both but these may be customized.
Enter the full path to the InformixDB configuration files on your Unix hosts. These files are accessed to run certain checks. Ensure that files are in the same location for all the hosts that you want scan.
Select the IP addresses for the InformixDB databases that the scanning engine should log into using the specified credentials.
Managers can add authentication records. Unit Managers must be granted the Create/edit authentication records permission.
When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.