The MQ Appliance network device must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

An XCCDF Rule

Description

Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. Using a syslog logging target, the MQ Appliance logs audit events, including the continuous backup of audit records. Logging may be set to the following logging levels in descending order of criticality: debug, info, notice, warn, error, alert, emerg. The default is notice.

ID: SV-89613r1_rule
Version: MQMH-ND-000430
Severity: Medium
References: CCI-001348
Updated: 7 days ago

Remediation Templates

Log on to the MQ Appliance CLI as a privileged user. 

Configure a syslog target. 

To enter global configuration mode, enter "config". 
To create a syslog target, enter: 
logging target <logging target name> 
type syslog 
admin-state enabled 
local-address <MQ Appliance IP> 
remote-address <syslog server IP> 
remote-port <syslog server port> 
event audit info 
event auth notice 
event mgmt notice 
event cli notice 
event user notice 
event system error 
exit 
write mem 
y

The MQ Appliance network device must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

Description

Remediation Templates

A Manual Procedure