Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-75013 | MQMH-ND-001390 | SV-89687r1_rule | Medium |
Description |
---|
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Using a syslog logging target, the MQ Appliance logs all audit records to the syslog. Logging may be set to the following logging levels in descending order of criticality: debug, info, notice, warn, error, alert, emerg. The default is notice. Off-loading is a common process in information systems with limited audit storage capacity. |
STIG | Date |
---|---|
IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-74865r1_chk ) |
---|
Log on to the MQ Appliance CLI as a privileged user. Enter: co show logging target All configured logging targets will be displayed. Verify: - This list includes a remote syslog notification target; and - It includes all desired log event source and log level parameters: event audit info event auth notice event mgmt notice event cli notice event user notice event system error Ask the system admin to provide logs from syslog server and verify the MQ appliance is logging to the syslog server. If the logs are not off-loaded, this is a finding. |
Fix Text (F-81641r1_fix) |
---|
Log on to the MQ Appliance CLI as a privileged user. To enter global configuration mode, enter "config". To create a syslog target, enter: logging target type syslog admin-state "enabled" local-address remote-address remote-port event audit debug event auth debug event mgmt debug event cli debug event user debug event system error exit write mem y Configure the MQ appliance to off-load audit records to a remote syslog server. |