WAS v8.5 > Script the application serving environment (wsadmin) > Scripting for security > Configure security with scripting

Configure security auditing using scripting

Security auditing provides tracking and archiving of auditable events. This topic uses wsadmin to enable and administer your security auditing configurations.

While security authentication and authorization ensures that users must have access to view protected resources, security auditing provides a mechanism to validate the integrity of a security computing environment. Security auditing collects and logs authentication, authorization, system management, security, and audit policy events in audit event records. We can analyze audit event records to determine possible security breaches, threats, attacks, and potential weaknesses in the security configuration of the environment. Enable security auditing in the environment. For example, the following list displays a sample of events to audit:

• Determine the time that a specific user attempted to access a resource.
• View information for successful and unsuccessful attempts to access resources.
• Review changes to resources that were made by a specific user.

• Determine the cause of unsuccessful login attempts.

Use the following task outline to enable and configure security auditing in the environment:

1. Enable administrative security in the environment.
   
2. Configure auditable events.
   The security auditing configuration provides four default auditable filters. Use this topic to configure filters for additional audit events.
3. Configure audit event factories.
   The security auditing configuration provides a default event factory. Use this topic to configure additional audit event factories.
4. Configure audit service providers.
   The security auditing configuration provides a default service provider. Use this topic to configure additional audit service providers.
5. Set the global audit policy.
   After setting up audit event factories, service providers, and events, use this topic to enable security auditing.

Results

After completing the steps to enable and configure security auditing, the profile of interest audits your security configurations for specific auditable event types.

To further configure security auditing, we can:

• Configure audit notifications.
• Encrypt audit records.
• Sign audit records.

Subtopics

• Configure audit service providers using scripting
  Before enabling security auditing, use this task to configure audit service providers using wsadmin. Security auditing provides tracking and archiving of auditable events.
• Configure audit event factories using scripting
  Before enabling security auditing, use this task to configure audit event factories using wsadmin. Security auditing provides tracking and archiving of auditable events.
• Configure auditable events using scripting
  Before enabling security auditing, use this task to configure event filters using wsadmin. Security auditing provides tracking and archiving of auditable events.
• Enable security auditing using scripting
  Use this task to enable and configure security auditing in the environment with wsadmin. Security auditing provides tracking and archiving of auditable events.
• Configure security audit notifications using scripting
  Configure the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.
• Encrypting security audit data using scripting
  We can use wsadmin to configure the security auditing system to encrypt security audit records. Security auditing provides tracking and archiving of auditable events.
• Signing security audit data using scripting
  We can use wsadmin to configure the security auditing system to sign security audit records. Security auditing provides tracking and archiving of auditable events.
• AuditKeyStoreCommands command group for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.
• AuditEmitterCommands for AdminTask
  We can use the Jython scripting language to configure audit service providers with wsadmin. Use the commands and parameters in the AuditEmitterCommands group to create, manage, and remove audit service providers from your security auditing system configuration.
• AuditSigningCommands command group for AdminTask
  We can use the Jython scripting language to configure the signing of audit records with wsadmin. Use the commands and parameters in the AuditSigningCommands group to enable, disable, and configure the security audit system to sign audit records.
• AuditEncryptionCommands command group for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditEncryptionCommands group to configure the security audit system to encrypt audit records.
• AuditEventFactoryCommands for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditEventFactoryCommands group to configure the default or a third-party audit event factory.
• AuditFilterCommands command group for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditFilterCommands group to manage auditable events.
• AuditNotificationCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditNotificationCommands group to manage audit notifications and audit notification monitors.
• AuditPolicyCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditPolicyCommands group to enable and configure the security auditing system.
• AuditEventFormatterCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditEventFormatterCommands group to manage the event formatter for the audit service provider.
• AuditReaderCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditReaderCommands group to display audit record information from the binary audit log.
• Configure audit service providers using scripting
  Before enabling security auditing, use this task to configure audit service providers using wsadmin. Security auditing provides tracking and archiving of auditable events.
• Configure audit event factories using scripting
  Before enabling security auditing, use this task to configure audit event factories using wsadmin. Security auditing provides tracking and archiving of auditable events.
• Configure auditable events using scripting
  Before enabling security auditing, use this task to configure event filters using wsadmin. Security auditing provides tracking and archiving of auditable events.
• Enable security auditing using scripting
  Use this task to enable and configure security auditing in the environment with wsadmin. Security auditing provides tracking and archiving of auditable events.
• Configure security audit notifications using scripting
  Configure the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.
• Encrypting security audit data using scripting
  We can use wsadmin to configure the security auditing system to encrypt security audit records. Security auditing provides tracking and archiving of auditable events.
• Signing security audit data using scripting
  We can use wsadmin to configure the security auditing system to sign security audit records. Security auditing provides tracking and archiving of auditable events.
• AuditKeyStoreCommands command group for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.
• AuditEmitterCommands for AdminTask
  We can use the Jython scripting language to configure audit service providers with wsadmin. Use the commands and parameters in the AuditEmitterCommands group to create, manage, and remove audit service providers from your security auditing system configuration.
• AuditSigningCommands command group for AdminTask
  We can use the Jython scripting language to configure the signing of audit records with wsadmin. Use the commands and parameters in the AuditSigningCommands group to enable, disable, and configure the security audit system to sign audit records.
• AuditEncryptionCommands command group for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditEncryptionCommands group to configure the security audit system to encrypt audit records.
• AuditEventFactoryCommands for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditEventFactoryCommands group to configure the default or a third-party audit event factory.
• AuditFilterCommands command group for AdminTask
  We can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditFilterCommands group to manage auditable events.
• AuditNotificationCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditNotificationCommands group to manage audit notifications and audit notification monitors.
• AuditPolicyCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditPolicyCommands group to enable and configure the security auditing system.
• AuditEventFormatterCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditEventFormatterCommands group to manage the event formatter for the audit service provider.
• AuditReaderCommands command group for AdminTask
  We can use the Jython scripting language to manage the security auditing system with wsadmin. Use the commands and parameters in the AuditReaderCommands group to display audit record information from the binary audit log.

Related

Enable and disabling security using scripting

+

Search Tips   |   Advanced Search