Set Up InformixDB Authentication

Each InformixDB record identifies account login credentials, database information and target hosts (IPs).

This record type is only available in accounts with PC and is only supported for policy compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

Which connections are supported?

Only DRDA connections are supported, including "DRDA over TCP" and "DRDA over SSL/TLS", i.e. connection strings "drsoctcp", "drtlitcp", "drsocssl", "drtlissl", but not SQLI, i.e. not connection strings starting with "on".

How do I get started?

- Review the InformixDB authentication setup guide for system and account requirements.

- Go to Scans > Authentication.

- Check that you have a Unix record already defined for the host running the database.

- Create a InformixDB record for the same host. Go to New > Databases > InformixDB.

What do I enter in the User Name field?

Enter the user name to be used for authentication to InformixDB server.

Tell me about SSL verification

Select to perform a complete SSL certificate validation. This option is only valid for servers that support SSL.

- If unchecked (the default), Qualys scanners authenticate with InformixDB servers that don't use SSL and  InformixDB servers that use SSL. However, in the SSL case, the server SSL certificate verification is skipped.

- If checked, Qualys scanners will only send a login request after verifying that a connection to InformixDB server uses SSL, the server SSL certificate is valid and matches the scanned host. In this case, enter the client certificate (PEM-encoded X.509 certificate) and client key (PEM-encoded X.509 RSA private key) on the Private Key / Certificate tab while creating Unix record.

What do I enter in the Hosts field?

A list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.

What database information is required?

Tell us the database name to authenticate to, the unique name of the database server and the port used for DRDA communication the database is running on. We provide default settings for both but these may be customized.

Enter the full path to the InformixDB configuration files on your Unix hosts. These files are accessed to run certain checks. Ensure that files are in the same location for all the hosts that you want scan.

Which IPs should I add to my record?

Select the IP addresses for the InformixDB databases that the scanning engine should log into using the specified credentials.

Tell me about user permissions

Managers can add authentication records. Unit Managers must be granted the Create/edit authentication records permission.

Important Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.