STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017: STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:SV-89687r1_rule
V-75013
SRG-APP-000515-NDM-000325
MQMH-ND-001390
CAT II
10
Log on to the MQ Appliance CLI as a privileged user.
To enter global configuration mode, enter "config".
To create a syslog target, enter:
logging target <logging target name>
type syslog
admin-state "enabled"
local-address <MQ Appliance IP>
remote-address <syslog server IP>
remote-port <syslog server port>
event audit debug
event auth debug
event mgmt debug
event cli debug
event user debug
event system error
exit
write mem
y
Configure the MQ appliance to off-load audit records to a remote syslog server.
Log on to the MQ Appliance CLI as a privileged user.
Enter:
co
show logging target
All configured logging targets will be displayed. Verify:
- This list includes a remote syslog notification target; and
- It includes all desired log event source and log level parameters:
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error
Ask the system admin to provide logs from syslog server and verify the MQ appliance is logging to the syslog server.
If the logs are not off-loaded, this is a finding.
V-75013
False
MQMH-ND-001390
Log on to the MQ Appliance CLI as a privileged user.
Enter:
co
show logging target
All configured logging targets will be displayed. Verify:
- This list includes a remote syslog notification target; and
- It includes all desired log event source and log level parameters:
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error
Ask the system admin to provide logs from syslog server and verify the MQ appliance is logging to the syslog server.
If the logs are not off-loaded, this is a finding.
M
3243