STIGQter STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

DB2 must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

DISA Rule

SV-89123r1_rule

Vulnerability Number

V-74449

Group Title

SRG-APP-000101-DB-000044

Rule Version

DB2X-00-001800

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to write the organization-defined information to a database table.

Set the auditing for the database table capturing the organization-defined information so that it is written to the database audit.

Define an audit policy with the needed subset using the CREATE AUDIT POLICY SQL statement:
DB2> CREATE AUDIT POLICY <table audit policy name>
CATEGORIES CONTEXT STATUS BOTH, EXECUTE STATUS BOTH
ERROR TYPE AUDIT

To modify an existing audit policy, replace "CREATE" with "ALTER" in the preceding statement. Only the categories explicitly named in the statement will be affected. In this case, the changes take effect immediately.

If CREATE was used above, apply the policy created to the database:
DB2> AUDIT TABLE <org info table> using <audit policy name>

Check Contents

Check with the ISSO if any more of the organization-defined information needs to be captured as part of DBMS auditing.

If there is additional information that needs to be captured and is currently not being written to audit logs, this is a finding.

Vulnerability Number

V-74449

Documentable

False

Rule Version

DB2X-00-001800

Severity Override Guidance

Check with the ISSO if any more of the organization-defined information needs to be captured as part of DBMS auditing.

If there is additional information that needs to be captured and is currently not being written to audit logs, this is a finding.

Check Content Reference

M

Target Key

3161

Comments