Rule ID
SV-255732r960864_rule
Version
V1R2
This requirement supports non-repudiation of actions taken by an administrator and is required in order to maintain the integrity of the configuration management process. All configuration changes to the MQ Appliance network device are logged, and administrators authenticate with two-factor authentication before gaining administrative access. Together, these processes will ensure the administrators can be held accountable for the configuration changes they implement. Using a syslog logging target, the MQ Appliance logs configuration changes to the device. Logging may be set to the following logging levels in descending order of criticality: debug, info, notice, warn, error, alert, emerg. The default is notice. Satisfies: SRG-APP-000080-NDM-000220, SRG-APP-000095-NDM-000225, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000100-NDM-000230, SRG-APP-000319-NDM-000283
Log on to the MQ Appliance CLI as a privileged user. Enter: co show logging target All configured logging targets will be displayed. Verify: - This list includes a remote syslog notification target; and - It includes all of the following log event source and log level parameters: event audit info event auth notice event mgmt notice event cli notice event user notice event system error If these events are not configured, this is a finding.
Log on to the MQ Appliance CLI as a privileged user. Configure a syslog target. To enter global configuration mode, enter "config". To create a syslog target, enter: logging target <logging target name> type syslog admin-state enabled local-address <MQ Appliance IP> remote-address <syslog server IP> remote-port <syslog server port> event audit info event auth notice event mgmt notice event cli notice event user notice event system error exit write mem y