STIGQter STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity.

DISA Rule

SV-89125r1_rule

Vulnerability Number

V-74451

Group Title

SRG-APP-000109-DB-000049

Rule Version

DB2X-00-001900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Drop and recreate the policy with ERROR TYPE as required by the ISSO or run the ALTER AUDIT POLICY command to set the ERROR TYPE as per ISSO requirement.

Run the following command to drop and recreate the policy:
DB2> DROP AUDIT POLICY <audit2>
DB2> CREATE AUDIT POLICY <audit2>
CATEGORIES EXECUTE WITH DATA STATUS BOTH ERROR TYPE AUDIT

To alter the audit policy:
DB2> ALTER AUDIT POLICY <audit2>
CATEGORIES EXECUTE WITH DATA STATUS BOTH ERROR TYPE AUDIT

Check Contents

Ask the ISSO whether the system should stay available or stop processing the auditable events.

If the system needs to stay available and the Error Type is set to 'A' for the policies then this is not applicable (NA).

Run the following SQL statement to find the Error type value for all audit policies:
DB2> SELECT * FROM SYSCAT.AUDITPOLICIES

If the system needs to stop processing the auditable events and Error Type is not set to 'A' then this is a finding.

Vulnerability Number

V-74451

Documentable

False

Rule Version

DB2X-00-001900

Severity Override Guidance

Ask the ISSO whether the system should stay available or stop processing the auditable events.

If the system needs to stay available and the Error Type is set to 'A' for the policies then this is not applicable (NA).

Run the following SQL statement to find the Error type value for all audit policies:
DB2> SELECT * FROM SYSCAT.AUDITPOLICIES

If the system needs to stop processing the auditable events and Error Type is not set to 'A' then this is a finding.

Check Content Reference

M

Target Key

3161

Comments