Protect our security audit data
The security auditing subsystem allows for protection of our security audit data by increasing the assurance that the audit data has not been tampered or modified outside of the auditing facility. This option also protects the confidentiality of the data. The audit data is protected by encrypting and signing the recording data.
Restriction: Signing and encrypting the audit data is only available for data created using the default binary log audit service provider. If we are using the SMF emitter or a 3rd party emitter we will not be able to sign or encrypt the data. Before configuring protection for our security audit data, enable global security and security auditing in the environment. We must be assigned the auditor role to complete the task of protecting the audit data. You will also need the administrator role to configure the audit data to be signed.
The practice of auditing requires assurances that the audit data is accurate and uncompromised. Your audit data has the option to be encrypted, signed, or encrypted and signed. We can protect the audit data using these options to provide assurances that you data is only viewed by authorized users and can not untraceably be modified .
Protect our security audit data
- Encrypting our security audit records
Audit logs can be encrypted to ensure the audit data is protected. The audit logs will be encrypted using a certificate that is saved to a keystore in the audit.xml file. By encrypting the audit records, only users with the password to the keystore will be able to view or update the audit logs.
- Signing our security audit records
Audit logs can be signed to ensure the integrity of our audit data. By signing the audit records, you ensure any modifications of the audit logs can be traced.
After completing these steps the data will be signed, encrypted or signed and encrypted to provide assurances that the data is accurate and confidential.
What to do next
After protecting the data, we can configure notifications to ensure we are notified if a problem with the security auditing subsystems occurs that prevents security events from being recorded.
Subtopics
- Encrypt our security audit records
- Signing our security audit records
- Audit encryption keystores and certificates collection
- Audit record encryption configuration settings
- Audit record signing configuration settings
- Audit record keystore settings
Auditing the security infrastructure Encrypt security audit data using scripting Sign security audit data using scripting