Symantec Enterprise Security Manager IBM DB2 Modules User Guide for Windows and UNIX. Version 4.2


Symantec Enterprise Security Manager IBM DB2 Modules User Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version: 4.2

Legal Notice

Copyright 2012 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo, ActiveAdmin, BindView, BV-Control, and LiveUpdate are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com

Technical Support

Contacting Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's support offerings include the following:

- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our website at the following URL: www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL: www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades, about upgrade assurance and support contracts, and about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

- Asia-Pacific and Japan: customercare_apac@symantec.com
- Europe, Middle-East, and Africa: semea@symantec.com
- North America and Latin America: supportsolutions@symantec.com

Contents

Technical Support

Chapter 1 Introducing Symantec ESM Modules for IBM DB2 Databases
  About the Symantec ESM Modules for IBM DB2 Databases
  About creating a baseline snapshot
  What you can do with ESM DB2 modules
  Where you can get more information

Chapter 2 Understanding the ESM DB2 Modules
  About the ESM DB2 Audit Configuration module
    Auditing Enabled (Windows and UNIX)
    DB2 Copies (Windows)
    DB2 Instances (UNIX)
    Event Types (Windows and UNIX)
    Audit Failure Events (Windows and UNIX)
    Audit Success Events (Windows and UNIX)
    Audit Database Events (Windows and UNIX)
    Auditing Related Events (Windows and UNIX)
    Checking Events (Windows and UNIX)
    Object Maintenance Events (Windows and UNIX)
    Security Maintenance Events (Windows and UNIX)
    System Administrator Events (Windows and UNIX)
    Validate Events (Windows and UNIX)
    Context Events (Windows and UNIX)
    Error Handling Facility (Windows and UNIX)
    Audit Miscellaneous Events (Windows and UNIX)
    Instance Startup And Shutdown (Windows and UNIX)
    Changes To Configuration Parameters (Windows and UNIX)
    Database Activation And Deactivation (Windows and UNIX)
    Use Of SYSADM,DBADM,SYSCTRL,SYSMAINT (Windows and UNIX)
    Attempted Access To Restricted Objects (Windows and UNIX)
    Access To Sensitive Objects and/or Tables (Windows and UNIX)
    Unsuccessful Connection Attempts (Windows and UNIX)
    Administrative Functions Performed (Windows and UNIX)
    Other Audit Settings (Windows and UNIX)
    Audit Archive Path (Windows and UNIX)
    Audit Data Path (Windows and UNIX)
    Audit Configuration Settings (Windows and UNIX)
  About the ESM DB2 Discovery module
    Automatically Add New Database (UNIX)
    Automatically Add New Database (Windows)
    Automatically Add New Instance (UNIX)
    Automatically Remove Deleted Database (Windows and UNIX)
    Automatically Remove Deleted Instance (UNIX)
    Detect Deleted Database (Windows and UNIX)
    Detect Deleted Instance (UNIX)
    Detect New Database (Windows and UNIX)
    Detect New Instance (UNIX)
  About the ESM DB2 Fix Packs module
    DB2 Copies (Windows)
    DB2 Instances (UNIX)
    Installed Fix Packs (Windows and UNIX)
    Template files (Windows and UNIX)
  About the ESM DB2 Remote module
    DB2 Database Aliases (Windows and UNIX)
    Unauthorized Group Set in System Administrator Authority (Windows and UNIX)
    Unauthorized Group Set in System Control Authority (Windows and UNIX)
    Unauthorized Group Set in System Maintenance Authority (Windows and UNIX)
    Unauthorized Group/User in BINDADD Database Privilege (Windows and UNIX)
    Unauthorized Group/User in CONNECT Database Privilege (Windows and UNIX)
    Unauthorized Group/User in CREATETAB Database Privilege (Windows and UNIX)
    Unauthorized Group/User in CREATE_NOT_FENCED Database Privilege (Windows and UNIX)
    Unauthorized Group/User in Database Administrator Authority (Windows and UNIX)
    Unauthorized Group/User in IMPLICIT_SCHEMA Database Privilege (Windows and UNIX)
    Unauthorized Group/User in LOAD Authority (Windows and UNIX)
    Unauthorized Group/User in CREATE_EXTERNAL_ROUTINE authority (Windows and UNIX)
    Authentication from the Server (Windows and UNIX)
    DB2 Version and OS (Windows and UNIX)
    Server Discovery Mode (Windows and UNIX)
    Instance Discovery Mode (Windows and UNIX)
    Database Discovery Mode (Windows and UNIX)
    New Group/User in Database Administrator Authority (Windows and UNIX)
    Deleted Group/User in Database Administrator Authority (Windows and UNIX)
    Modified Group/User in Database Administrator Authority (Windows and UNIX)
    New Group/User in CONNECT Database Privilege (Windows and UNIX)
    Deleted Group/User in CONNECT Database Privilege (Windows and UNIX)
    Modified Group/User in CONNECT Database Privilege (Windows and UNIX)
    New Group/User in BINDADD Database Privilege (Windows and UNIX)
    Deleted Group/User in BINDADD Database Privilege (Windows and UNIX)
    Modified Group/User in BINDADD Database Privilege (Windows and UNIX)
    New Group/User in CREATETAB Database Privilege (Windows and UNIX)
    Deleted Group/User in CREATETAB Database Privilege (Windows and UNIX)
    Modified Group/User in CREATETAB Database Privilege (Windows and UNIX)
    New Group/User in IMPLICIT_SCHEMA Database Privilege (Windows and UNIX)
    Deleted Group/User in IMPLICIT_SCHEMA Database Privilege (Windows and UNIX)
    Modified Group/User in IMPLICIT_SCHEMA Database Privilege (Windows and UNIX)
    New Group/User in LOAD Authority (Windows and UNIX)
    Deleted Group/User in LOAD Authority (Windows and UNIX)
    Modified Group/User in LOAD Authority (Windows and UNIX)
    New Group/User in CREATE_NOT_FENCED Database Privilege (Windows and UNIX)
    Deleted Group/User in CREATE_NOT_FENCED Database Privilege (Windows and UNIX)
    Modified Group/User in CREATE_NOT_FENCED Database Privilege (Windows and UNIX)
    New Group/User in the CREATE_EXTERNAL_ROUTINE Authority (Windows and UNIX)
    Deleted Group/User in CREATE_EXTERNAL_ROUTINE Authority (Windows and UNIX)
    Modified Group/User in CREATE_EXTERNAL_ROUTINE Authority (Windows and UNIX)
    Objects with nicknames (Windows and UNIX)
    Objects not owned by Orphan (Windows and UNIX)
  About the ESM DB2 System module
    DB2 Instances (Windows and UNIX)
    Database folder on system partition (Windows and UNIX)
    Instance folder on system partition (Windows and UNIX)
    Database log folder on system partition (Windows and UNIX)
    SSL is Disabled (Windows and UNIX)
    Node catalogued by using hostname (Windows and UNIX)
    DB2 directory and file permissions (Windows and UNIX)
    Database containers (Windows)
    Database containers (UNIX)
    Default database path (Windows)
    Default database path (UNIX)
    Permission on default database path (Windows)
    Permission on default database path (UNIX)
    Archive log path (Windows)
    Archive log path (UNIX)
    Permission on archive log path (Windows)
    Permission on archive log path (UNIX)
    Secondary archive log path (Windows)
    Secondary archive log path (UNIX)
    Permission on secondary archive log path (Windows)
    Permission on secondary archive log path (UNIX)
    Tertiary archive log path (Windows)
    Tertiary archive log path (UNIX)
    Permission on tertiary archive log path (Windows)
    Permission on tertiary archive log path (UNIX)
    Mirrored log path (Windows)
    Mirrored log path (UNIX)
    Permission on mirrored log path (Windows)
    Permission on diagnostic path (Windows)
    Permission on diagnostic path (UNIX)
    Minimum JDK version (Windows and UNIX)
    Permission on JDK runtime library path (Windows)
    Permission on JDK runtime library path (UNIX)
    Database Path Template files (UNIX)
    User ownership (UNIX)
    Group ownership (UNIX)
    Permissions (UNIX)
  About the ESM DB2 Privileges module
    DB2 Instances (Windows and UNIX)
    View Privileges (Windows and UNIX)
    Grantee with the WITH ADMIN or GRANT option (Windows and UNIX)
    Unauthorized Grantees in Database Authority (Windows and UNIX)
    Tablespace Privileges (Windows and UNIX)
    Table Privileges (Windows and UNIX)
    Role Members (Windows and UNIX)
    Routine Privileges (Windows and UNIX)
    Nickname Privileges (Windows and UNIX)
    Privileges of PUBLIC group (Windows and UNIX)
    Column Privileges (Windows and UNIX)
    Schema Privileges (Windows and UNIX)
    Maximum reported messages (Windows and UNIX)
  About the ESM DB2 Configuration module
    DB2 Instances (Windows and UNIX)
    Database Manager Configuration (Windows and UNIX)
    Database Configuration (Windows and UNIX)
    Admin Configuration (Windows and UNIX)
    Fenced user (UNIX)
    DB2 sysctrl or sysmaint group is set as sysadm group (Windows and UNIX)
    Default databases (Windows and UNIX)
    Unauthorized members in dasadm group (Windows and UNIX)
    Unauthorized members in DB2 system groups (Windows and UNIX)

Chapter 3 Working with the DB2 templates
  About the DB2 Authorities template
  Creating the DB2 Authorities template
  About using the DB2 Authorities template
  About the DB2 Database Manager Config Params template
  Creating the DB2 Database Manager Config Params template
  About using the DB2 Database Manager Config Params template
  About the DB2 Fix Packs template
  Creating the DB2 Fix Packs template
  About using the DB2 Fix Packs template
  About the DB2 Admin Config Params template
  Creating the DB2 Admin Config Params template
  About using the DB2 Admin Config Params template
  About the DB2 Database Config Params template
  Creating the DB2 Database Config Params template
  About using the DB2 Database Config Param template
  About the DB2 View Privileges template
  Creating the DB2 View Privileges template
  About using the DB2 View Privileges template
  About the DB2 Tablespace Privileges template
  Creating the DB2 Tablespace Privileges template
  About using the DB2 Tablespace Privileges template
  About the DB2 Table Privileges template
  Creating the DB2 Table Privileges template
  About using the DB2 Table Privileges template
  About the DB2 Role Members template
  Creating the DB2 Role Members template
  About using the DB2 Role Members template
  About the DB2 Routine Privileges template
  Creating the DB2 Routine Privileges template
  About using the DB2 Routine Privileges template
  About the DB2 Nickname Privileges template
  Creating the DB2 Nickname Privileges template
  About using the DB2 Nickname Privileges template
  About the DB2 System Authority Groups template
  Creating the DB2 System Authority Groups template
  About using the DB2 System Authority Groups template
  About the DB2 Column Privileges template
  Creating the DB2 Column Privileges template
  About using the DB2 Column Privileges template
  About the DB2 Schema Privileges template
  Creating the DB2 Schema Privileges template
  About using the DB2 Schema Privileges template
  About the DB2 Audit Settings template
  Creating the DB2 Audit Settings template
  About using the DB2 Audit Settings template
  About the DB2 Database File Permissions template
  Creating the DB2 Database File Permissions template
  About using the DB2 Database File Permissions template

Chapter 4 Troubleshooting DB2 Modules on Windows
  Encryption exception
  ESM DB2 Remote module errors

Chapter 5 Troubleshooting DB2 Modules on UNIX
  Encryption exception
  ESM DB2 Audit Configuration errors
  ESM DB2 Remote module errors

Chapter 1 Introducing Symantec ESM Modules for IBM DB2 Databases

This chapter includes the following topics:

- About the Symantec ESM Modules for IBM DB2 Databases
- About creating a baseline snapshot
- What you can do with ESM DB2 modules
- Where you can get more information

About the Symantec ESM Modules for IBM DB2 Databases

Symantec Enterprise Security Manager (ESM) Modules for IBM DB2 Databases extends Symantec ESM beyond securing the operating system to securing mission-critical e-business components. These modules protect IBM DB2 Databases from known security vulnerabilities. The modules introduce new, database-specific executables and content, including modules to check audit configuration, fix packs, authentication methods, the current DB2 version, and unauthorized authorities or privileges.

Working within the framework of Symantec ESM, the industry's most comprehensive solution for discovering security vulnerabilities, Symantec ESM Modules for IBM DB2 Databases eases the administrative burden of measuring the effectiveness of enterprise security policies and enforcing compliance.

This product installs on Windows Server 2003, Windows 2008, Solaris SPARC, IBM AIX, and Red Hat Enterprise Linux servers. With these modules, Symantec ESM's centralized security scanning and integrated reporting capabilities can be used to automate security evaluations and policy enforcement for any IBM DB2 9.1, 9.5, or 9.7 database that runs on your network.

About creating a baseline snapshot

To establish a baseline for ESM DB2 module security checks, create a new ESM DB2 remote policy with snapshot-related checks enabled. Running this policy creates snapshots of the current account information that you can update when you run checks for new, deleted, or modified information. Run the module one time to create the snapshots, then rerun the module to detect changes between policy runs.

After running a policy, to update the snapshots directly from messages in the Policy Run report, do one of the following:

- Right-click on a modified message
- Right-click on a deleted message
- Right-click on a new report message

What you can do with ESM DB2 modules

You can use Symantec ESM modules to report on the compliance of your computer's security policies. You can use Symantec ESM Modules for IBM DB2 Databases in the same way that you use other Symantec ESM modules:

- Configure the application module to report on the IBM DB2 instances and databases
- Create a Symantec ESM policy using one or more DB2 modules
- Configure the new policy
- Configure applicable templates
- Run the policy
- Review the policy run results to compare the results with your enterprise security policies

The ESM DB2 Remote module uses the configuration information that is stored in the /esm/config/db2module.dat file on UNIX and <Installation_directory>\Program Files\Symantec\Enterprise Security Manager\ESM\config\DB2Module.dat on Windows.

Where you can get more information

See "Using policies, templates, snapshots, and modules" in the latest version of your Symantec Enterprise Security User's Guide and "Reviewing policies, modules, and messages" in the latest version of your Symantec ESM Security Update User's Guide for more information about Symantec ESM modules.

For more information on Symantec ESM Security Updates, see the Symantec Enterprise Security User's Guide.

For more information on Symantec ESM, Symantec ESM Security Updates, and Symantec ESM support for database products, see the Symantec Security Response Web site at http://securityresponse.symantec.com

Chapter 2 Understanding the ESM DB2 Modules This chapter includes the following topics: About the ESM DB2 Audit Configuration module About the ESM DB2 Discovery module About the ESM DB2 Fix Packs module About the ESM DB2 Remote module About the ESM DB2 System module About the ESM DB2 Privileges module About the ESM DB2 Configuration module About the ESM DB2 Audit Configuration module The ESM DB2 Audit Configuration module searches for the audit configuration for the IBM DB2 databases in the ESM agent computer. Auditing Enabled (Windows and UNIX) This check reports whether auditing is enabled on the IBM DB2 instances. The following table lists the message for the check.

20 Understanding the ESM DB2 Modules About the ESM DB2 Audit Configuration module Table 2-1 Message for Auditing Enabled Message String String : ESM_AUDIT_ACTIVE UNIX (236631) (238031) (238631) Title: DB2 Audit Status : Auditing is not active for the databases. The logs will not be generated for any events Severity: red-4 Correctable: Format: [DB2 Audit Configuration is not active. The events will not be audited] DB2 Copies (Windows) This check lets you include or exclude the DB2 copies that the module reports on. By default, the module examines all the database copies that were configured during the DB2 installation. Use the name list in this option to specify the copies that are to be included or excluded. Use the name list to specify DB2V8 to include or exclude DB2 version 8. DB2 Instances (UNIX) The module examines all the databases that were configured during the ESM DB2 installation, by default. Use the name list in this option to specify the instances that are to be included or excluded. Event Types (Windows and UNIX) The checks that are included in the Events Types group let you specify which types of events you want to audit. You can also specify whether only successful or failed events, or both, should be logged. The following table lists the message for the check.

Understanding the ESM DB2 Modules About the ESM DB2 Audit Configuration module 21 Table 2-2 Message for Event Types Message String String : ESM_NO_ COMPARISON _SPECIFIED Category: ESM Error UNIX (236651) (238051) (238651) Title: Comparison type not specified : Enable Audit checks Severity: red-4 Correctable: Audit Failure Events (Windows and UNIX) This check reports whether the IBM DB2 databases logs error events are audited. This check is not supported on the IBM DB2 database version 9.5 and 9.7. The following table lists the messages for the check. Table 2-3 Messages for Audit Failure Events Message String String : ESM_LOG_DB2ERROR UNIX (236632) (238032) (238632) Title: Audit Failure Events : DB2 does not log error events Severity: red-4 Correctable: Format: [DB2 does not log error events]

22 Understanding the ESM DB2 Modules About the ESM DB2 Audit Configuration module Table 2-3 Messages for Audit Failure Events (continued) Message String String : ESM_LOG_ ERROR_WARNING UNIX (236653) (238053) (238653) Title: Audit Failure Events : The setting for auditing failure events is enabled but Auditing is not active. Hence DB2 does not audit failure events. Severity: yellow-1 Correctable: Format: [Setting for auditing failure events is enabled but Auditing is not active. Hence DB2 does not audit failure events] Audit Success Events (Windows and UNIX) This check reports whether IBM DB2 databases logs success events are audited. This check is not supported on the IBM DB2 database version 9.5 and 9.7. The following table lists the messages for the check.

Table 2-4 Messages for Audit Success Events

String: ESM_LOG_SUCCESS
UNIX (236633) (238033) (238633)
Title: Audit Success Events : DB2 does not log success events
Severity: red-4
Correctable:
Format: [DB2 does not log success events]

String: ESM_LOG_SUCCESS_WARNING
UNIX (236661) (238061) (238661)
Title: Audit Success Events : The setting for auditing success events is enabled but Auditing is not active. Hence DB2 does not audit success events.
Severity: yellow-1
Correctable:
Format: [Setting for auditing success events is enabled but Auditing is not active. Hence DB2 does not audit success events.]

String: ESM_LOG_SUCCESS_ENABLED_WARNING
UNIX (236662) (238062) (238662)
Title: Audit Success Events : The setting for auditing success events is enabled. This will increase the audit log size significantly.
Severity: yellow-1
Correctable:
Format: [Setting for auditing success events is enabled. This will increase the audit log size significantly.]

Audit Database Events (Windows and UNIX)

The checks that are included in the Audit Database Events group verify which IBM DB2 database events are audited. The following table lists the message for the check.

Table 2-5 Message for Audit Database Events

String: ESM_NO_COMPARISON_SPECIFIED
Category: ESM Error
UNIX (236651) (238051) (238651)
Title: Comparison type not specified : Enable Audit checks
Severity: red-4
Correctable:

Auditing Related Events (Windows and UNIX)

This check reports whether IBM DB2 databases log audit events. The following table lists the messages for the check.

Table 2-6 Messages for Auditing Related Events

String: ESM_LOG_DB2AUDIT
UNIX (236634) (238034) (238634)
Title: Audit auditing related events : DB2 does not log audit events
Severity: red-4
Correctable:
Format: [DB2 does not log audit events]

String: ESM_LOG_AUDIT_WARNING
UNIX (236654) (238054) (238654)
Title: Audit Auditing Related Events : The setting for auditing audit related events is enabled but Auditing is not active. Hence DB2 does not audit audit related events
Severity: yellow-1
Correctable:
Format: [Setting for auditing audit related events is enabled but Auditing is not active. Hence DB2 does not audit audit related events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Checking Events (Windows and UNIX)

This check reports whether IBM DB2 databases log checking events. The following table lists the messages for the check.

Table 2-7 Messages for Checking Events

String: ESM_LOG_CHECKING
UNIX (236635) (238035) (238635)
Title: Audit Checking events : DB2 does not log checking events
Severity: red-4
Correctable:
Format: [DB2 does not log checking events]

String: ESM_LOG_CHECKING_WARNING
UNIX (236655) (238055) (238655)
Title: Audit Checking Events : The setting for auditing checking events is enabled but Auditing is not active. Hence DB2 does not audit checking events
Severity: yellow-1
Correctable:
Format: [Setting for auditing checking events is enabled but Auditing is not active. Hence DB2 does not audit checking events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Object Maintenance Events (Windows and UNIX)

This check reports whether the IBM DB2 databases log Object Maintenance events. The following table lists the messages for the check.

Table 2-8 Messages for Object Maintenance Events

String: ESM_LOG_OBJMAINT
UNIX (236636) (238036) (238636)
Title: Audit Object Maintenance events : DB2 does not log object maintenance events
Severity: red-4
Correctable:
Format: [DB2 does not log object maintenance events]

String: ESM_LOG_OBJMAINT_WARNING
UNIX (236656) (238056) (238656)
Title: Audit Object Maintenance Events : The setting for auditing object maintenance events is enabled but Auditing is not active. Hence DB2 does not audit object maintenance events
Severity: yellow-1
Correctable:
Format: [Setting for auditing object maintenance events is enabled but Auditing is not active. Hence DB2 does not audit objmaint events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Security Maintenance Events (Windows and UNIX)

This check reports whether the IBM DB2 databases log Security Maintenance events. The following table lists the messages for the check.

Table 2-9 Messages for Security Maintenance Events

String: ESM_LOG_SECMAINT
UNIX (236637) (238037) (238637)
Title: Audit Security Maintenance events : DB2 does not log security maintenance events
Severity: red-4
Correctable:
Format: [DB2 does not log security maintenance events]

String: ESM_LOG_SECMAINT_WARNING
UNIX (236657) (238057) (238657)
Title: Audit Security Maintenance Events : The setting for auditing security maintenance events is enabled but Auditing is not active. Hence DB2 does not audit security maintenance events
Severity: yellow-1
Correctable:
Format: [Setting for auditing security maintenance event is enabled but Auditing is not active. Hence DB2 does not audit secmaint events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

System Administrator Events (Windows and UNIX)

This check reports whether IBM DB2 databases log System Administrator events. The following table lists the messages for the check.

Table 2-10 Messages for System Administrator Events

String: ESM_LOG_SYSADM
UNIX (236638) (238038) (238638)
Title: Audit System Administrator events : DB2 does not log system administrator events
Severity: red-4
Correctable:
Format: [DB2 does not log system administrator events]

String: ESM_LOG_SYSADM_WARNING
UNIX (236658) (238058) (238658)
Title: Audit System Administrator Events : The setting for auditing system administrator events is enabled but Auditing is not active. Hence DB2 does not audit system administrator events
Severity: yellow-1
Correctable:
Format: [Setting for auditing system administrator event is enabled but Auditing is not active. Hence DB2 does not audit sysadmin events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Validate Events (Windows and UNIX)

This check reports whether the IBM DB2 databases log Validate events. The following table lists the messages for the check.

Table 2-11 Messages for Validate Events

String: ESM_LOG_VALATE
UNIX (236639) (238039) (238639)
Title: Audit Validate events : DB2 does not log validate events
Severity: red-4
Correctable:
Format: [DB2 does not log validate events]

String: ESM_LOG_VALATE_WARNING
UNIX (236659) (238059) (238659)
Title: Audit Validate Events : The setting for auditing validate events is enabled but Auditing is not active. Hence DB2 does not audit validate events
Severity: yellow-1
Correctable:
Format: [Setting for auditing validate events is enabled but Auditing is not active. Hence DB2 does not audit validate events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Context Events (Windows and UNIX)

This check reports whether IBM DB2 databases log Context events. The following table lists the messages for the check.

Table 2-12 Messages for Context Events

String: ESM_LOG_CONTEXT
UNIX (236640) (238040) (238640)
Title: Audit context events : DB2 does not log context events
Severity: red-4
Correctable:
Format: [DB2 does not log context events]

String: ESM_LOG_CONTEXT_WARNING
UNIX (236660) (238060) (238660)
Title: Audit Context Events : The setting for auditing context events is enabled but Auditing is not active. Hence DB2 does not audit context events.
Severity: yellow-1
Correctable:
Format: [Setting for auditing context events is enabled but Auditing is not active. Hence DB2 does not audit context events]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Error Handling Facility (Windows and UNIX)

This check reports whether the IBM DB2 databases have the audit facility parameter set to Audit. You have the option to specify whether audit facility errors are returned to the user (AUDIT) or ignored (NORMAL). The following table lists the message for the check.

Table 2-13 Message for Error Handling Facility

String: ESM_LOG_ERRORTYPE
UNIX (236641) (238041) (238641)
Title: Audit Facility For Error Handling : The audit facility parameter (ERRORTYPE) is set to Normal
Severity: red-4
Correctable:
Format: [Audit facility parameter (ERRORTYPE) is set to normal]

Audit Miscellaneous Events (Windows and UNIX)

The checks that are included in the Audit Miscellaneous Events group verify which IBM DB2 database miscellaneous events are audited. The following table lists the message for the check.

Table 2-14 Message for Audit Miscellaneous Events

String: ESM_NO_COMPARISON_SPECIFIED
Category: ESM Error
UNIX (236651) (238051) (238651)
Title: Comparison type not specified : Enable Audit checks
Severity: red-4
Correctable:
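The event-type and error-handling checks described above report one of three outcomes per setting: disabled (red-4), enabled while auditing is inactive (yellow-1), or enabled. The following is an added example, not code from this guide or from Symantec ESM: it parses a constructed settings listing and maps each setting to the message strings and severities from the tables. The listing layout (modelled on `db2audit describe` output from DB2 releases before 9.5), the precedence between messages, and the mapping of ERRORTYPE to the "Return SQLCA on audit error" line are assumptions.

```python
import re

# Constructed sample, not taken from the guide. The `Label: "VALUE"` layout is
# modelled on `db2audit describe` output from DB2 releases before 9.5
# (assumption); those releases still expose "Log errors" / "Log success".
SAMPLE_SETTINGS = """\
DB2 AUDIT SETTINGS:

Audit active: "FALSE "
Log errors: "TRUE "
Log success: "FALSE "
Log audit events: "TRUE "
Log checking events: "FALSE "
Log object maintenance events: "FALSE "
Log security maintenance events: "TRUE "
Log system administrator events: "TRUE "
Log validate events: "TRUE "
Log context events: "FALSE "
Return SQLCA on audit error: "FALSE "
"""

# Setting label -> (message when disabled, message when enabled but inactive).
# Message strings and severities are the ones listed in the guide's tables.
EVENT_CHECKS = {
    "Log errors": ("ESM_LOG_DB2ERROR", "ESM_LOG_ERROR_WARNING"),
    "Log success": ("ESM_LOG_SUCCESS", "ESM_LOG_SUCCESS_WARNING"),
    "Log audit events": ("ESM_LOG_DB2AUDIT", "ESM_LOG_AUDIT_WARNING"),
    "Log checking events": ("ESM_LOG_CHECKING", "ESM_LOG_CHECKING_WARNING"),
    "Log object maintenance events": ("ESM_LOG_OBJMAINT", "ESM_LOG_OBJMAINT_WARNING"),
    "Log security maintenance events": ("ESM_LOG_SECMAINT", "ESM_LOG_SECMAINT_WARNING"),
    "Log system administrator events": ("ESM_LOG_SYSADM", "ESM_LOG_SYSADM_WARNING"),
    "Log validate events": ("ESM_LOG_VALATE", "ESM_LOG_VALATE_WARNING"),
    "Log context events": ("ESM_LOG_CONTEXT", "ESM_LOG_CONTEXT_WARNING"),
}
# Assumption: this line reads TRUE when ERRORTYPE is AUDIT, FALSE when NORMAL.
ERRORTYPE_LABEL = "Return SQLCA on audit error"

SETTING_RE = re.compile(r'^\s*([^:"]+?)\s*:\s*"([^"]*)"\s*$')


def parse_settings(text):
    """Parse `Label: "VALUE"` lines into {label: bool}; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        match = SETTING_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip().upper() == "TRUE"
    return settings


def evaluate(settings):
    """Return (message string, severity, setting label) findings.

    A setting missing from the listing is treated as disabled, so a truncated
    listing fails closed instead of passing silently.
    """
    findings = []
    active = settings.get("Audit active", False)
    if not active:
        findings.append(("ESM_AUDIT_ACTIVE", "red-4", "Audit active"))
    for label, (disabled_msg, inactive_msg) in EVENT_CHECKS.items():
        if not settings.get(label, False):
            findings.append((disabled_msg, "red-4", label))
        elif not active:
            # Looks correct in the configuration, yet nothing is being logged.
            findings.append((inactive_msg, "yellow-1", label))
        elif label == "Log success":
            # Enabled and active: the guide still warns about audit log growth.
            findings.append(("ESM_LOG_SUCCESS_ENABLED_WARNING", "yellow-1", label))
    if not settings.get(ERRORTYPE_LABEL, False):
        findings.append(("ESM_LOG_ERRORTYPE", "red-4", ERRORTYPE_LABEL))
    return findings


if __name__ == "__main__":
    for message, severity, label in evaluate(parse_settings(SAMPLE_SETTINGS)):
        print(f"{severity:9} {message:32} ({label})")
```

The yellow-1 findings are the ones to watch in review: each setting looks correct on its own, but no events are recorded until auditing itself is active.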

Instance Startup And Shutdown (Windows and UNIX)

This check reports whether IBM DB2 databases log the startup and shutdown events of instances. The following table lists the messages for the check.

Table 2-15 Messages for Instance Startup And Shutdown

String: ESM_LOG_INSTANCE_UP_DOWN
UNIX (236642) (238042) (238642)
Title: Audit Instance startup and shutdown : DB2 does not log instance startup and shutdown
Severity: red-4
Correctable:
Format: [Instance startup and shutdown will not be logged]

String: ESM_LOG_INSTANCE_UP_DOWN_WARNING
UNIX (236663) (238063) (238663)
Title: Audit Instance startup and shutdown : The setting for auditing success events is enabled but Auditing is not active. Hence DB2 does not audit success events.
Severity: yellow-1
Correctable:
Format: [This setting is enabled but Auditing is not active. Hence DB2 does not audit instance startup and shutdown events.]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Changes To Configuration Parameters (Windows and UNIX)

This check reports whether IBM DB2 databases log the changes made to the instance and the database configuration parameters. The following table lists the messages for the check.

Table 2-16 Messages for Changes To Configuration Parameters

String: ESM_LOG_DB_DBM_CFG
UNIX (236643) (238043) (238643)
Title: Audit configuration parameter changes : DB2 does not log changes made to instance and database configuration parameters
Severity: red-4
Correctable:
Format: [Changes made to instance and database configuration parameters will not be logged]

String: ESM_LOG_DB_DBM_CFG_WARNING
UNIX (236664) (238064) (238664)
Title: Audit configuration parameters changes : The setting for auditing instance and database configuration change events is enabled but Auditing is not active. Hence DB2 does not audit instance and database configuration change events.
Severity: yellow-1
Correctable:
Format: [This setting is enabled but Auditing is not active. Hence DB2 does not audit instance and database configuration change events.]

Database Activation And Deactivation (Windows and UNIX)

This check reports whether IBM DB2 databases log database activation and deactivation. The following table lists the messages for the check.

Table 2-17 Messages for Database Activation And Deactivation

String: ESM_LOG_DB_ACT_DEACT
UNIX (236644) (238044) (238644)
Title: Audit database activation and deactivation : DB2 does not log database activation and deactivation
Severity: red-4
Correctable:
Format: [Database Activation and deactivation will not be logged]

String: ESM_LOG_DB_ACT_DEACT_WARNING
UNIX (236665) (238065) (238665)
Title: Audit database activation and deactivation : The setting for auditing database activation and deactivation events is enabled but Auditing is not active. Hence DB2 does not audit database activation and deactivation events.
Severity: yellow-1
Correctable:
Format: [This setting is enabled but Auditing is not active. Hence DB2 does not audit database activation and deactivation events.]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Use Of SYSADM, DBADM, SYSCTRL, SYSMAINT (Windows and UNIX)

This check reports whether IBM DB2 databases log the use of SYSADM, DBADM, SYSCTRL, SYSMAINT. The following table lists the messages for the check.

Table 2-18 Messages for Use Of SYSADM, DBADM, SYSCTRL, SYSMAINT

String: ESM_LOG_ADMINS
UNIX (236645) (238045) (238645)
Title: Audit Use of SYSADM, DBADM, SYSCTRL, SYSMAINT : DB2 does not log use of SYSADM, DBADM, SYSCTRL, SYSMAINT
Severity: red-4
Correctable:
Format: [Use of SYSADM, DBADM, SYSCTRL, SYSMAINT will not be logged]

String: ESM_LOG_ADMINS_WARNING
UNIX (236666) (238066) (238666)
Title: Audit Use of SYSADM, DBADM, SYSCTRL, SYSMAINT : The setting for auditing use of SYSADM, DBADM, SYSCTRL, SYSMAINT events is enabled but Auditing is not active. Hence DB2 does not audit use of SYSADM, DBADM, SYSCTRL, SYSMAINT events.
Severity: yellow-1
Correctable:
Format: [This setting is enabled but Auditing is not active. Hence DB2 does not audit use of SYSADM, DBADM, SYSCTRL, SYSMAINT events.]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Attempted Access To Restricted Objects (Windows and UNIX)

This check reports whether IBM DB2 databases log the attempted access to restricted objects defined by the owner.

The following table lists the messages for the check.

Table 2-19 Messages for Attempted Access To Restricted Objects

String: ESM_LOG_RESTRICTED_OBJ
UNIX (236646) (238046) (238646)
Title: Audit attempted access to restricted objects : DB2 does not log attempted access to restricted objects defined
Severity: red-4
Correctable:
Format: [Attempted access to restricted objects defined by owner will not be logged]

String: ESM_LOG_RESTRICTED_OBJ
UNIX (236667) (238067) (238667)
Title: Audit attempted access to restricted objects : The setting for auditing attempted access to restricted objects events is enabled but Auditing is not active. Hence DB2 does not audit attempted access to restricted objects events.
Severity: yellow-1
Correctable:
Format: [This setting is enabled but Auditing is not active. Hence DB2 does not audit attempted access to restricted objects events.]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Access To Sensitive Objects and/or Tables (Windows and UNIX)

This check reports whether IBM DB2 databases log the access to sensitive Objects and/or Tables defined by the owner. The following table lists the messages for the check.

Table 2-20 Messages for Access To Sensitive Objects and/or Tables

String: ESM_LOG_SENSITIVE_OBJ
UNIX (236647) (238047) (238647)
Title: Audit access to sensitive Objects and/or Tables : DB2 does not log access to sensitive Objects and/or Tables defined
Severity: red-4
Correctable:
Format: [Access to sensitive Objects and/or Tables defined by owner will not be logged]

String: ESM_LOG_SENSITIVE_OBJ_WARNING
UNIX (236668) (238068) (238668)
Title: Audit access to sensitive Objects and/or Tables : The setting for auditing access to sensitive Objects and/or Tables events is enabled but Auditing is not active. Hence DB2 does not audit access to sensitive Objects and/or Tables events.
Severity: yellow-1
Correctable:
Format: [This setting is enabled but Auditing is not active. Hence DB2 does not audit access to sensitive Objects and/or Tables events.]

String: ESM_SETTING_ENABLED
UNIX (236673) (238073) (238673)
Title: Audit Enabled : The setting is enabled.
Severity: green-0
Correctable:

String: ESM_SETTING_DISABLED
UNIX (236674) (238074) (238674)
Title: Auditing Disabled : The setting is disabled.
Severity: red-4
Correctable:

String: ESM_SETTING_DISABLED_WARNING
UNIX (236675) (238075) (238675)
Title: Auditing Disabled : The setting for this event is enabled but Auditing is not active. Hence DB2 does not audit this event.
Severity: yellow-1
Correctable:
Format: [%s. This setting is enabled but Auditing is not active.]

Unsuccessful Connection Attempts (Windows and UNIX)

This check reports whether IBM DB2 databases log the non-successful connection attempts from all users. The following table lists the messages for the check.