Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)

AuditKeyStoreCommands command group

We can use Jython to configure the security auditing system with wsadmin.sh. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.

Use the following commands to manage audit key stores in the audit.xml configuration file:

• createAuditKeyStore

• deleteAuditKeyStore

• getAuditKeyStoreInfo

• listAuditKeyStores

• modifyAuditKeyStore

createAuditKeyStore

Creates a keystore in the audit.xml file. The system uses this keystore to encrypt audit records.

The user must have the auditor administrative role to run this command.

Target object None

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

-keyStoreType

Valid keystore type. The default keystore type is PKCS12. (String, required)

-keyStoreLocation

Location where the system creates the keystore. (String, required)

-keyStorePassword

Password for the keystore. (String, required)

-keyStorePasswordVerify

Verifies the password for the keystore. (String, required)

Optional parameters

-keyStoreProvider

Provider for the keystore. (String, optional)

-keyStoreIsFileBased

Specifies if the keystore is file-based. The default is true. (Boolean, optional)

-keyStoreHostList

Host list for the keystore. (String, optional)

-keyStoreInitAtStartup

Whether the system initializes the keystore on startup. The default is false. (Boolean, optional)

-keyStoreReadOnly

Whether the keystore is read-only or not. Default is false. (Boolean, optional)

-keyStoreStashFile

Whether the keystore needs a stash file. (Boolean, optional)

-enableCryptoOperations

Whether the keystore is an acceleration keystore. False default. (Boolean, optional)

-scopeName

Scope for the keystore. (String, optional)

-keyStoreDescription

Description for the keystore. (String, optional)

Return value

The command returns the ID of the new keystore, as the following example displays:

KeyStore_1173199825578

Batch example...

• Jython string:

  AdminTask.createAuditKeyStore('-keyStoreName mynewkeystore -keyStoreLocation
  c:\install_root\appserver\profiles\AppSrv01\config\cells -keyStorePassword
  myPwd -keyStorePasswordVerify myPwd -keyStoreProvider IBMJCE -scopeName (cell):Node04Cell')
  

• Use Jython list:

  AdminTask.createAuditKeyStore(['-keyStoreName', 'mynewkeystore', '-keyStoreLocation',
  'c:\install_root\appserver\profiles\AppSrv01\config\cells', '-keyStorePassword',
  'myPwd', '-keyStorePasswordVerify', 'myPwd', '-keyStoreProvider', 'IBMJCE',
  '-scopeName', '(cell):Node04Cell'])
  

Interactive example...

### Jython

AdminTask.createAuditKeyStore('-interactive')

deleteAuditKeyStore

The deleteAuditKeyStore command removes the reference to an audit keystore from the audit.xml configuration file.

The user must have the auditor administrative role to run this command.

Target object None

Required parameters

-keyStoreName

Name of the keystore. (String, required)

Optional parameters

-scopeName

Specifies the management scope of the keystore. (String, optional)

-removeKeyStoreFile

Whether to remove the keystore from the configuration. Specify this parameter if the keystore of interest is not in use. (Boolean, optional)

Return value

The command returns a value of true if the system successfully removes the reference to the keystore from the audit.xml configuration file.

Batch example...

• Jython string:

  AdminTask.deleteAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName
  (cell):Node04Cell -removeKeyStoreFile false')
  

• Use Jython list:

  AdminTask.deleteAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName',
  '(cell):Node04Cell', '-removeKeyStoreFile', 'false'])
  

Interactive example...

### Jython

AdminTask.deleteAuditKeyStore('-interactive')

getAuditKeyStoreInfo

The getAuditKeyStoreInfo command returns a list of attributes for the keystore that the system uses to encrypt audit records.

The user must have the monitor administrative role to run this command.

Target object None

Required parameters

-keyStoreName

Unique name to identify the keystore. (String, required)

Optional parameters

-scopeName

Specifies the management scope of the keystore. (String, optional)

Return value

The command returns a list of attributes for the keystore, as the following sample output displays:

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{createStashFileForCMS false}
{description {keyStore description}}
{readOnly false}
{initializeAtStartup true}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}

Batch example...

• Jython string:

  AdminTask.getAuditKeyStoreInfo('-keyStoreName AuditDefaultKeyStore')
  

• Use Jython list:

  AdminTask.getAuditKeyStoreInfo(['-keyStoreName', 'AuditDefaultKeyStore'])
  

Interactive example...

### Jython

AdminTask.getAuditKeyStoreInfo('-interactive')

listAuditKeyStores

The listAuditKeyStores command lists the attributes for the audit keystores within a specific management scope or for all audit keystores.

The user must have the monitor administrative role to run this command.

Target object None

Optional parameters

-scopeName

Specifies the management scope associated with the keystores of interest. (String, optional)

-all

Whether to list all keystores. When the -all parameter is set as true, it overrides the -scopeName parameter. (Boolean, optional)

Return value

The command returns a list of attributes for the scope of interest, as the following sample output displays:

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1173199825578}
{createStashFileForCMS false}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{readOnly false}
{initializeAtStartup true}
{usage {}}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1184700968484}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1184700968484}
{createStashFileForCMS false}
{description {}}
{managementScope {}}
{readOnly false}
{initializeAtStartup false}
{usage {}}
{provider IBMJCE}
{name mykeystore}}

Batch mode example usage

• Jython string:

  AdminTask.listAuditKeyStores('-scopeName (cell):Node04Cell')
  

• Use Jython list:

  AdminTask.listAuditKeyStores(['-scopeName', '(cell):Node04Cell'])
  

Interactive example...

### Jython

AdminTask.listAuditKeyStores('-interactive')

modifyAuditKeyStore

The modifyAuditKeyStore command modifies the keystore reference in the audit.xml file. The command edits keystore that encrypts audit records.

The user must have the auditor administrative role to run this command.

Target object None

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

Optional parameters

-scopeName

Scope name of this keystore. (String, optional)

-keyStoreType

Specifies valid keystore type. (String, optional)

-keyStoreLocation

Location where the system creates the keystore. (String, optional)

-keyStorePassword

Password for this keystore. (String, optional)

-keyStoreIsFileBased

Whether the keystore is file based. (Boolean, optional)

-keyStoreInitAtStartup

Whether the system should initialize the keystore at startup. (Boolean, optional)

-keyStoreReadOnly

Whether the keystore is read-only or editable. (Boolean, optional)

-keyStoreDescription

Description for the keystore. (String, optional)

Return value

The command returns a value of true if the system successfully modifies the keystore.

Batch example...

• Jython string:

  AdminTask.modifyAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName
  (cell):Node04Cell -keyStoreType PKCS12 -keyStoreLocation
  c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12
  -keyStorePassword myPwd')
  

• Use Jython list:

  AdminTask.modifyAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName',
  '(cell):Node04Cell', '-keyStoreType', 'PKCS12', '-keyStoreLocation',
  'c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12',
  '-keyStorePassword', 'myPwd'])
  

Interactive example...

### Jython

AdminTask.modifyAuditKeyStore('-interactive')

Related

AuditEmitterCommands
AuditSigningCommands command group
AuditEncryptionCommands command group
AuditEventFactoryCommands
AuditFilterCommands command group
AuditNotificationCommands command group
AuditPolicyCommands command group
AuditEventFormatterCommands command group

+

Search Tips   |   Advanced Search