+

Search Tips   |   Advanced Search

Encrypting our security audit records

Audit logs can be encrypted to ensure our audit data is protected. By encrypting our audit records, only users with access to the encrypting certificate will be able to view the audit logs.

Restriction: Encrypting audit data is only available for data created using the default audit service provider. If we are using the SMF emitter or a 3rd party emitter we will not be able to encrypt the data. Before configuring the security audit records to be encrypted, enable global security and security auditing in the environment. We must be assigned the auditor role to encrypt our security auditing records. If we are using a certificate stored in the security.xml file, you also require the administrator role to complete this task.


Tasks

  1. Click Security > Security Auditing > Audit record encryption configuration.

  2. Select the Enable encryption check box to specify that our audit records should be encrypted. All other fields on this panel will be unavailable until this check box has been selected.

  3. Select the keystore containing the encrypting certificate from the dropdown menu or click New to create a new certificate in an existing keystore. Use the following steps if we are creating a new certificate:

    1. Enter the name of the keystore in the Name field.

    2. Enter the path to the keystore file in the Path field.

    3. Enter the password to be associated with the keystore in the Password field.
    4. Confirm the password associated with the keystore by retyping the password in the Confirm password field.

    5. Select the keystore type from the Type dropdown list. The default value of the Type dropdown list is PKCS12.

  4. If we are using an existing certificate to encrypt our audit records, ensure Certificate in keystore is selected and specify the intended certificate in the Certificate alias dropdown menu.

  5. If we are generating a new certificate to encrypt our audit records, select Create a new certificate in the selected keystore and follow these steps:

    1. Enter the name of the new certificate in the Certificate alias field.

    2. Select either Automatically generate certificate or Import a certificate. The certificate used to encrypt the data in the audit log files can either be created or imported. If we selected to generate a certificate, then skip to the last step on this page. If we selected to import a certificate, then continue on with step c.

    3. Enter the name of the keystore file in the Key file name field.

    4. Enter the path to the keystore file in the Path field.

    5. Select the keystore type from the Type dropdown list. The default value of the Type dropdown list is PKCS12.

    6. Enter the password associated with the keystore in the Key File password field.

    7. Click Get key file aliases to populate the Certificate alias to import dropdown menu.

    8. Select the certificate to be imported from the Certificate alias to import dropdown menu.

  6. Click OK.

After completing these steps, our audit logs will be encrypted to ensure only authorized users can view the content of our audit log files.


What to do next

After we have finished configuring the audit logs to be encrypted, we can ensure the data integrity of our audit logs by configuring the audit subsystem to sign our audit records.

  • Protecting our security audit data
  • Encrypting security audit data using scripting
  • Signing security audit data using scripting
  • Audit encryption keystores and certificates collection
  • Audit record encryption configuration settings
  • Audit record signing configuration settings
  • Audit record keystore settings