
Qualys
Best Practices for MongoDB Authentication Setup
Pages
7
Time to read
6 mins
Publication
Language
English

This guide provides detailed instructions for setting up MongoDB authentication specifically for compliance scans. It explains why authentication matters: it allows a more thorough assessment of hosts, giving accurate results and fewer false positives. The document emphasizes that authentication is required for compliance scans and that credentials are handled securely, allowing only read access. It details the steps necessary to create a MongoDB user account and the privileges required for authenticated scanning. The guide includes scripts for creating roles and user accounts, verifying privileges, and managing authentication records for multiple MongoDB instances. Additionally, it discusses the options for local and external LDAP authentication, the use of private keys, and the importance of SSL for secure connections. The document concludes with recommendations for configuring the MongoDB setup to facilitate successful compliance scanning.