The MQ Appliance network device must notify the administrator of changes to access and/or privilege parameters of the administrator account that occurred since the last logon.
An XCCDF Rule
Description
<VulnDiscussion>Providing administrators with information regarding security-related changes to their account allows them to determine if any unauthorized activity has occurred. Changes to the account could be an indication of the account being compromised. Hence, without notification to the administrator, the compromise could go undetected if other controls were not in place to mitigate this risk. Using a syslog logging target, the MQ Appliance logs all changes to access or privilege parameters. Logging may be set to the following logging levels in descending order of criticality: debug, info, notice, warn, error, alert, emerg. The default is notice. It is the responsibility of the sysadmin to configure the triggers necessary to send alerts based upon information received at the syslog server. To meet the requirement, the sysadmin must trigger notification upon receiving the following audit event: 0x8240001f. Changes to access and/or privilege parameters will fall into this event category. Ask the admin to provide evidence these alerts are configured.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-89607r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Log on to the MQ Appliance CLI as a privileged user.
Configure a syslog target by using the command line interface (CLI).
To enter global configuration mode, enter "config".