Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)
AuditPolicyCommands command group
We can use Jython to manage the security auditing system with wsadmin.sh. Use the commands and parameters in the AuditPolicyCommands group to enable and configure the security auditing system.
Use the following commands to configure, query, and manage the security auditing system:
- disableAudit
- disableVerboseAudit
- enableAudit
- enableVerboseAudit
- getAuditPolicy
- getAuditSystemFailureAction
- getAuditorId
- isAuditEnabled
- isVerboseAuditEnabled
- mapAuditGroupIDsOfAuthorizationGroup
- modifyAuditPolicy
- setAuditSystemFailureAction
- resetAuditSystemFailureAction
- setAuditorId
- setAuditorPwd
disableAudit
The disableAudit command disables security auditing in the audit.xml configuration file.
The user must have the auditor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if the system successfully disables security auditing.
Batch example...
- Jython string:
AdminTask.disableAudit()
- Use Jython list:
AdminTask.disableAudit()
Interactive example...
### Jython
AdminTask.disableAudit('-interactive')
disableVerboseAudit
The disableVerboseAudit command disables the verbose capture of audit data for the security auditing system.
The user must have the auditor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if the system successfully disables the verbose capture of audit data.
Batch mode example usage
- Jython string:
AdminTask.disableVerboseAudit()
- Use Jython list:
AdminTask.disableVerboseAudit()
Interactive example...
- Jython string:
AdminTask.disableVerboseAudit('-interactive')
enableAudit
The enableAudit command enables security auditing in the audit.xml configuration file. By default, security auditing is disabled.
The user must have the auditor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if the system successfully enables security auditing.
Batch example...
- Jython string:
AdminTask.enableAudit()
- Use Jython list:
AdminTask.enableAudit()
Interactive example...
### Jython
AdminTask.enableAudit('-interacive')
enableVerboseAudit
The enableVerboseAudit command sets the security auditing system to perform verbose capture of audit data.
The user must have the auditor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if the system successfully sets the security auditing system to perform verbose capture of audit data.
Batch example...
- Jython string:
AdminTask.enableVerboseAudit()
- Use Jython list:
AdminTask.enableVerboseAudit()
Interactive example...
### Jython
AdminTask.enableVerboseAudit('-interactive')
getAuditPolicy
The getAuditPolicy command retrieves each attribute that is associated with the audit policy in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object None
Return valueThe command returns a list of attributes for the security auditing system, as the following sample output displays:
{{auditEventFactories {{{name auditEventFactoryImpl_1} {properties {}} {className com.ibm.ws.security.audit.AuditEventFactoryImpl} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608) DefaultAuditSpecification_2(cells/Node04Cell|audit.xml#AuditSpecification_1173199825609) DefaultAuditSpecification_3(cells/Node04Cell|audit.xml#AuditSpecification_1173199825610) DefaultAuditSpecification_4(cells/Node04Cell|audit.xml#AuditSpecification_1173199825611)} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1173199825608} {_Websphere_Config_Data_Type AuditEventFactory}}}} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditPolicy_1173199825608} {auditServiceProviders {{{auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608) DefaultAuditSpecification_2(cells/Node04Cell|audit.xml#AuditSpecification_1173199825609) DefaultAuditSpecification_3(cells/Node04Cell|audit.xml#AuditSpecification_1173199825610) DefaultAuditSpecification_4(cells/Node04Cell|audit.xml#AuditSpecification_1173199825611)} {name auditServiceProviderImpl_1} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608} {maxFileSize 1} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation ${PROFILE_ROOT}/logs/server1} {className com.ibm.ws.security.audit.BinaryEmitterImpl} {properties {}} {eventFormatterClass {}} {maxLogs 100}}}} {securityXmlSignerCertAlias auditSignCert} {properties {}} {securityXmlSignerScopeName (cell):Node04Cell:(node):Node04} {auditorPwd SweetShadowsPwd} {_Websphere_Config_Data_Type AuditPolicy} {securityXmlSignerKeyStoreName NodeDefaultSignersStore} {verbose false} {auditPolicy WARN} {encrypt false} {managementScope {}} {encryptionCert {}} {batching false} {auditorId SweetShadow} {auditEnabled false} {sign true}}
Batch example...
- Jython string:
AdminTask.getAuditPolicy()
- Use Jython list:
AdminTask.getAuditPolicy()
Interactive example...
### Jython
AdminTask.getAuditPolicy('-interactive')
getAuditSystemFailureAction
The getAuditSystemFailureAction command displays the action that the application server takes if a failure occurs in the security auditing subsystem.
The user must have the monitor administrative role to run this command.
Target object None
Return valueThe command returns a string that describes the action that the application server takes if the security auditing subsystem fails. Possible values are WARN, NOWARN, or FATAL.
Application server actions if the security auditing subsystem fails. The following table describes the behavior associated with each action that the application server takes if the security auditing subsystem fails:
WARN Specifies that the application server should notify the auditor, stop security auditing, and continue to run the application server process. NOWARN Specifies that the application server should not notify the auditor, but should stop security auditing and continue to run the application server process FATAL Specifies that the application server should notify the auditor, stop security auditing, and stop the application server process.
Batch example...
- Jython string:
AdminTask.getAuditSystemFailureAction()
- Use Jython list:
AdminTask.getAuditSystemFailureAction()
Interactive example...
### Jython
AdminTask.getAuditSystemFailureAction('-interactive')
getAuditorId
The getAuditorId command retrieves the name of the user who is assigned as the auditor.
The user must have the monitor administrative role to run this command.
Target object None
Return valueThe command returns the name of the user who is assigned as the auditor.
Batch example...
- Jython string:
AdminTask.getAuditorId()
- Use Jython list:
AdminTask.getAuditorId()
Interactive example...
### Jython
AdminTask.getAuditorId('-interactive')
isAuditEnabled
The isAuditEnabled command determines whether the security auditing is enabled in the configuration. By default, auditing is not enabled in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if security auditing is enabled in the environment. If the command returns a value of false, security auditing is disabled.
Batch mode example usage
- Jython string:
AdminTask.isAuditEnabled()
- Use Jython list:
AdminTask.isAuditEnabled()
Interactive example...
### Jython
AdminTask.isAuditEnabled('-interactive')
isVerboseAuditEnabled
The isVerboseAuditEnabled command determines whether or not the security auditing system verbosely captures audit data.
The user must have the monitor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if the security auditing system is configured to verbosely capture audit data.
Batch example...
- Jython string:
AdminTask.isVerboseAuditEnabled()
- Use Jython list:
AdminTask.isVerboseAuditEnabled()
Interactive example...
### Jython
AdminTask.isVerboseAuditEnabled('-interactive')
mapAuditGroupIDsOfAuthorizationGroup
The mapAuditGroupIDsOfAuthorizationGroup command maps the special subjects to users in the registry.
The user must have the monitor administrative role to run this command.
Target object None
Return valueThe command does not return output.
Batch example...
- Jython string:
AdminTask.mapAuditGroupIDsOfAuthorizationGroup()
- Use Jython list:
AdminTask.mapAuditGroupIDsOfAuthorizationGroup()
Interactive example...
### Jython
AdminTask.mapAuditGroupIDsOfAuthorizationGroup('-interactive')
modifyAuditPolicy
The modifyAuditPolicy command modifies the audit policy attributes in the audit.xml configuration file. We can use this command to modify one or multiple attributes.
The user must have the auditor administrative role to run this command.
Target object None
Optional parameters
-auditEnabled
Whether security auditing is enabled in the configuration. (Boolean, optional)
-auditPolicy
Action that the application server takes if the security auditing subsystem fails. (String, optional)
auditPolicy parameter values. The following table describes the valid values for the auditPolicy parameter:
WARN Specifies that the application server should notify the auditor, stop security auditing, and continue to run the application server process. NOWARN Specifies that the application server should not notify the auditor, but should stop security auditing and continue to run the application server process FATAL Specifies that the application server should notify the auditor, stop security auditing, and stop the application server process.
-auditorId
Name of the user that the system assigns as the auditor. (String, optional)
-auditorPwd
Password for the auditor id. (String, optional)
-sign
Whether to sign audit records. Use the AuditSigningCommands command group to configure signing settings. (Boolean, optional)
-encrypt
Whether to encrypt audit records. Use the AuditEncryptionCommands command group to configure encryption settings. (Boolean, optional)
-verbose
Whether to capture verbose audit data. (Boolean, optional)
-encryptionCert
Reference ID of the certificate to use for encryption. Specify this parameter if you set the -encrypt parameter to true. (String, optional)
Return valueThe command returns a value of true if the system successfully updates the security auditing system policy.
Batch example...
- Jython string:
AdminTask.modifyAuditPolicy('-auditEnabled true -auditPolicy NOWARN -auditorId testuser -auditorPwd testuserpwd -sign false -encrypt false -verbose false')
- Use Jython list:
AdminTask.modifyAuditPolicy(['-auditEnabled', 'true', '-auditPolicy', 'NOWARN', '-auditorId', 'testuser', '-auditorPwd', 'testuserpwd', '-sign', 'false', '-encrypt', 'false', '-verbose', 'false'])
Interactive example...
### Jython
AdminTask.modifyAuditPolicy('-interactive')
setAuditSystemFailureAction
The setAuditSystemFailureAction command sets the action that the application server takes if the security auditing subsystem fails.
The user must have the auditor administrative role to run this command.
Target object None
Required parameters
-action
Action to take if the security auditing subsystem fails. (String, required)
Action parameters. The following table describes the valid values for the action parameter:
WARN Specifies that the application server should notify the auditor, stop security auditing, and continue to run the application server process. NOWARN Specifies that the application server should not notify the auditor, but should stop security auditing and continue to run the application server process FATAL Specifies that the application server should notify the auditor, stop security auditing, and stop the application server process.
Return valueThe command returns a value of true if the system successfully updates the security auditing system policy.
Batch example...
- Jython string:
AdminTask.setAuditSystemFailureAction('-action NOWARN')
- Use Jython list:
AdminTask.setAuditSystemFailureAction(['-action', 'NOWARN'])
Interactive example...
### Jython
AdminTask.setAuditSystemFailureAction('-interactive')
resetAuditSystemFailureAction
The resetAuditSystemFailureAction command sets the action that the application server takes if the security auditing system fails to the NOWARN setting.
The user must have the auditor administrative role to run this command.
Target object None
Return valueThe command returns a value of true if the system successfully updates the configuration.
Batch example...
- Jython string:
AdminTask.resetAuditSystemFailureAction()
- Use Jython list:
AdminTask.resetAuditSystemFailureAction()
Interactive example...
### Jython
AdminTask.resetAuditSystemFailureAction('-interactive')
setAuditorId
The setAuditorId command sets the name of the user to assign as the auditor.
The user must have the auditor administrative role to run this command.
Target object None
Required parameters
-name
Name of the user to assign as the auditor. (String, required)
Return valueThe command returns a value of true if the system successfully updates the configuration.
Batch example...
- Jython string:
AdminTAsk.setAuditorId('-name myAdmin')
- Use Jython list:
AdminTAsk.setAuditorId(['-name', 'myAdmin'])
Interactive example...
- Jython string:
AdminTAsk.setAuditorId('-interactive')
setAuditorPwd
The setAuditorPwd command sets the password for the auditor.
The user must have the auditor administrative role to run this command.
Target object None
Required parameters
-password
Password for the user assigned as the auditor. (String, required)
Return valueThe command returns a value of true if the system successfully updates the configuration.
Batch example...
- Jython string:
AdminTask.setAuditorPwd('-password myAdminPassword')
- Use Jython list:
AdminTask.setAuditorPwd(['-password', 'myAdminPassword'])
Interactive example...
### Jython
AdminTask.setAuditorPwd('-interactive')
Related
AuditKeyStoreCommands command group
AuditEmitterCommands
AuditSigningCommands command group
AuditEncryptionCommands command group
AuditEventFactoryCommands
AuditFilterCommands command group
AuditNotificationCommands command group
AuditEventFormatterCommands command group