STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must generate log records for access and authentication events.

DISA Rule

SV-89583r1_rule

Vulnerability Number

V-74909

Group Title

SRG-APP-000089-AS-000050

Rule Version

MQMH-AS-001110

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

The following events may be logged for each queue manager on the MQ Appliance:

Authority (AUTHOREV), Inhibit (INHIBITEV), Local (LOCALEV), Remote (REMOTEEV), Start and stop (STRSTPEV), Performance (PERFMEV), Command (CMDEV), Channel (CHLEV), Channel auto definition (CHADEV), SSL (SSLEV), Configuration (CONFIGEV)

To enable logging for a queue manager, enter the following from the MQ Appliance CLI for each event for which you wish to enable logging:

To access the MQ Appliance CLI, enter the following:
mqcli

runmqsc [queue mgr name]
ALTER QMGR [event name](ENABLED)
end

Note: Any MQ monitoring solution that connects to MQ as a client may be used to monitor event queues.

Check Contents

Establish an SSH command line session as an admin user.

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue name]

DIS QMGR EVENT

A list of all events will be displayed along with an indication of if event logging is enabled. The events are as follows:

Authority: AUTHOREV, Inhibit: INHIBITEV, Local: LOCALEV, Remote: REMOTEEV, Start and stop: STRSTPEV, Performance: PERFMEV, Command: CMDEV, Channel: CHLEV, Channel auto definition: CHADEV, SSL: SSLEV, Configuration: CONFIGEV

If and required event logging is not enabled for running queue managers, this is a finding.

Vulnerability Number

V-74909

Documentable

False

Rule Version

MQMH-AS-001110

Severity Override Guidance

Establish an SSH command line session as an admin user.

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue name]

DIS QMGR EVENT

A list of all events will be displayed along with an indication of if event logging is enabled. The events are as follows:

Authority: AUTHOREV, Inhibit: INHIBITEV, Local: LOCALEV, Remote: REMOTEEV, Start and stop: STRSTPEV, Performance: PERFMEV, Command: CMDEV, Channel: CHLEV, Channel auto definition: CHADEV, SSL: SSLEV, Configuration: CONFIGEV

If and required event logging is not enabled for running queue managers, this is a finding.

Check Content Reference

M

Target Key

3239

Comments