STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019

DB2 must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

DISA Rule

SV-89121r1_rule

Vulnerability Number

V-74447

Group Title

SRG-APP-000099-DB-000043

Rule Version

DB2X-00-001600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Drop and recreate the policy with STATUS set to "Both", or use ALTER AUDIT POLICY to set STATUS='B'.

To drop and recreate a policy, use the following statements:
DB2> DROP AUDIT POLICY <audit1>
DB2> CREATE AUDIT POLICY <audit1>
CATEGORIES < audit categories > STATUS BOTH ERROR TYPE AUDIT

To alter the audit policy:
DB2> ALTER AUDIT POLICY <audit1>
CATEGORIES < audit categories > STATUS BOTH ERROR TYPE AUDIT

Notes: Each audit record has an Event Status represented by a SQLCODE, where a successful event has SQLCODE >= 0 and a failed event has SQLCODE < 0. To generate a record for both successful and failed events, all the audit policies should be created with STATUS 'BOTH'.

CREATE AUDIT POLICY information:
http://www-01.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.sql.ref.doc/doc/r0050607.html?lang=en

ALTER AUDIT POLICY information:
http://www-01.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.sql.ref.doc/doc/r0050608.html?cp=SSEPGG_10.5.0%2F2-12-7-7&lang=en

Check Contents

Run the following SQL statement to confirm that all audit policies are created with STATUS='B':
DB2> SELECT * FROM SYSCAT.AUDITPOLICIES

If any audit policy does not have all the audit category columns set to 'B' (Both), the ERRORTYPE column set to 'A' (Audit), and EXECUTEWITHDATA set to 'Y' for Execute category audit policies, this is a finding.
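
The check above can be narrowed so that only non-compliant policies are returned, with the reason shown per policy. This query is an added example, not part of the STIG text; it assumes the column names of the SYSCAT.AUDITPOLICIES catalog view as documented for DB2 10.5, which can be confirmed against the output of the SELECT * above.

```sql
-- Added example: return only the audit policies that are a finding under
-- this check, and show which settings are wrong.
-- Assumed column names: SYSCAT.AUDITPOLICIES catalog view, DB2 10.5.
-- Category status values: B = Both, S = Success, F = Failure, N = None.
-- Run from the CLP with a statement terminator, e.g. db2 -t
SELECT AUDITPOLICYNAME,
       -- Build a space-separated list of categories not set to 'B'
       CASE WHEN AUDITSTATUS     <> 'B' THEN 'AUDIT '     ELSE '' END ||
       CASE WHEN CHECKINGSTATUS  <> 'B' THEN 'CHECKING '  ELSE '' END ||
       CASE WHEN CONTEXTSTATUS   <> 'B' THEN 'CONTEXT '   ELSE '' END ||
       CASE WHEN EXECUTESTATUS   <> 'B' THEN 'EXECUTE '   ELSE '' END ||
       CASE WHEN OBJMAINTSTATUS  <> 'B' THEN 'OBJMAINT '  ELSE '' END ||
       CASE WHEN SECMAINTSTATUS  <> 'B' THEN 'SECMAINT '  ELSE '' END ||
       CASE WHEN SYSADMINSTATUS  <> 'B' THEN 'SYSADMIN '  ELSE '' END ||
       CASE WHEN VALIDATESTATUS  <> 'B' THEN 'VALIDATE '  ELSE '' END
         AS CATEGORIES_NOT_BOTH,
       ERRORTYPE,        -- must be 'A' (Audit)
       EXECUTEWITHDATA   -- must be 'Y' for Execute category auditing
FROM SYSCAT.AUDITPOLICIES
WHERE AUDITSTATUS     <> 'B'
   OR CHECKINGSTATUS  <> 'B'
   OR CONTEXTSTATUS   <> 'B'
   OR EXECUTESTATUS   <> 'B'
   OR OBJMAINTSTATUS  <> 'B'
   OR SECMAINTSTATUS  <> 'B'
   OR SYSADMINSTATUS  <> 'B'
   OR VALIDATESTATUS  <> 'B'
   OR ERRORTYPE       <> 'A'
   OR EXECUTEWITHDATA <> 'Y'
ORDER BY AUDITPOLICYNAME;
```

An empty result set means no audit policy fails this check; any row returned is a finding for the named policy.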

Documentable

False

Check Content Reference

M

Target Key

3161

Comments