7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)

Information

The DB2_LIMIT_AUDIT_APPS registry variable contains a list of application names that should not be audited. The recommendation is to leave this variable unset so that all applications are audited.

The DB2_LIMIT_AUDIT_APPS registry variable is not documented.

Rationale:

The application name that exempts a connection from auditing is supplied by the client and is not validated by the server. A malicious user can therefore change their application name to avoid being audited.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Run the following command to remove any applications from the list:

db2set DB2_LIMIT_AUDIT_APPS=
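
A way to verify the setting before and after the change, as an added example that is not part of the benchmark or the Nessus check. It assumes the registry listing is in the "[level] NAME=value" line format printed by db2set -all; the function name, sample variables and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag every registry level at which DB2_LIMIT_AUDIT_APPS is set.
# Input (stdin): text in the "[level] NAME=value" format printed by `db2set -all`.
# Exit status: 0 = variable not set anywhere, 1 = set at one or more levels.
check_limit_audit_apps() {
    awk '
        # Drop a trailing CR in case the listing was captured on another platform.
        { sub(/\r$/, "") }
        /^\[[a-z]\][ \t]*DB2_LIMIT_AUDIT_APPS=/ {
            level = substr($0, 2, 1)      # single-letter registry level
            value = $0
            sub(/^[^=]*=/, "", value)     # keep everything after the first "="
            printf "FAIL level=%s exempt_apps=%s\n", level, value
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample listings (not real target output).
SAMPLE_NONCOMPLIANT='[i] DB2COMM=TCPIP
[i] DB2_LIMIT_AUDIT_APPS=exampleapp
[g] DB2SYSTEM=dbhost01'

SAMPLE_COMPLIANT='[i] DB2COMM=TCPIP
[g] DB2SYSTEM=dbhost01'

# On a live instance, run as the instance owner:
#   db2set -all | check_limit_audit_apps
printf '%s\n' "$SAMPLE_NONCOMPLIANT" | check_limit_audit_apps \
    || echo "DB2_LIMIT_AUDIT_APPS is set: some applications are exempt from auditing"
printf '%s\n' "$SAMPLE_COMPLIANT" | check_limit_audit_apps \
    && echo "DB2_LIMIT_AUDIT_APPS is not set: all applications are audited"
```

Checking the full listing rather than a single level catches a value that remains set at a level other than the one the remediation command cleared.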

See Also

https://workbench.cisecurity.org/benchmarks/23492

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-1, 800-53|AU-2

Plugin: Unix

Control ID: 34c2515fe8afda627a1f62a0a5eaa01910698a3fab323ef99998b718156f40ba