Configure security auditing using scripting

Security auditing provides tracking and archiving of auditable events. This topic uses the wsadmin tool to enable and administer our security auditing configurations.

While security authentication and authorization ensures that users must have access to view protected resources, security auditing provides a mechanism to validate the integrity of a security computing environment. Security auditing collects and logs authentication, authorization, system management, security, and audit policy events in audit event records. We can analyze audit event records to determine possible security breaches, threats, attacks, and potential weaknesses in the security configuration of the environment. Enable security auditing in the environment. For example, the following list displays a sample of events to audit:

• Determine the time that a specific user attempted to access a resource.
• View information for successful and unsuccessful attempts to access resources.
• Review changes to resources that were made by a specific user.
• Determine the cause of unsuccessful login attempts.

Use the following task outline to enable and configure security auditing in the environment:

Tasks

1. Enable administrative security in the environment.
2. Configure auditable events.
3. Configure audit event factories.
4. Configure audit service providers.
5. Set the global audit policy.

After completing the steps to enable and configure security auditing, the profile of interest audits the security configurations for specific auditable event types.

What to do next

To further configure security auditing, we can:

• Configure audit notifications.
• Encrypt audit records.
• Sign audit records.

Subtopics

• Configure audit service providers using scripting
  
• Configure audit event factories using scripting
  
• Configure auditable events using scripting
  
• Enable security auditing using scripting
  
• Configure security audit notifications using scripting
  
• Encrypting security audit data using scripting
  
• Signing security audit data using scripting
  
• AuditKeyStoreCommands
  
• AuditEmitterCommands for the AdminTask object
  
• AuditSigningCommands
  
• AuditEncryptionCommands
  
• AuditEventFactoryCommands for the AdminTask object
  
• AuditFilterCommands
  
• AuditNotificationCommands
  
• AuditPolicyCommands
  
• AuditEventFormatterCommands
  
• AuditReaderCommands
  

Enable and disable security using scripting