STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.

DISA Rule

SV-89249r1_rule

Vulnerability Number

V-74575

Group Title

SRG-APP-000515-DB-000318

Rule Version

DB2X-00-012600

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure the separate log management facility to absorb audit logs data from comma delimited files produced by extracting the audit data from archived audit logs.

Check Contents

Run the following command to find the value of “Audit Data Path” and “Audit Archive Path”

$db2audit describe

DB2 can asynchronously extract the audit records in comma delimited format from “Audit Archive Path”.

If a separate log management facility approved by the organization exists and is configured to absorb the comma delimited audit log files, this is not a finding.

If a separate log management facility is not configured to absorb the extracted log data, this is a finding.

Vulnerability Number

V-74575

Documentable

False

Rule Version

DB2X-00-012600

Severity Override Guidance

Run the following command to find the value of “Audit Data Path” and “Audit Archive Path”

$db2audit describe

DB2 can asynchronously extract the audit records in comma delimited format from “Audit Archive Path”.

If a separate log management facility approved by the organization exists and is configured to absorb the comma delimited audit log files, this is not a finding.

If a separate log management facility is not configured to absorb the extracted log data, this is a finding.

Check Content Reference

M

Target Key

3161

Comments