STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance network device must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and in association with CJCSM 6510.01B.

DISA Rule

SV-89689r1_rule

Vulnerability Number

V-75015

Group Title

SRG-APP-000516-NDM-000333

Rule Version

MQMH-ND-001420

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001274 - The organization employs automated mechanisms to alert security personnel of organization-defined inappropriate or unusual activities with security implications.

Weight

10

Fix Recommendation

Log on to the MQ Appliance CLI as a privileged user.

To enter global configuration mode, enter "config".

To create a syslog target, enter:
logging target <logging target name>
type syslog
admin-state enabled
local-address <MQ Appliance IP>
remote-address <syslog server IP>
remote-port <syslog server port>
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error
exit
write mem
y

It is the responsibility of the sysadmin to configure the triggers necessary to send alerts based upon information received at the syslog server. To meet the current requirement, the sysadmin must specify threat event patterns that should trigger alerts. Then, the sysadmin must configure alerts that will occur in response to those event patterns. Ideas for trigger event patterns can be gained from an examination of the existing syslog.

Check Contents

Log on to the MQ Appliance CLI as a privileged user.

Enter:
co
show logging target

All configured logging targets will be displayed. Verify:
- This list includes a remote syslog notification target; and
- It includes all desired log event source and log level parameters:
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error

Ask the system admin to provide evidence the required alert triggers have been set up.

If any is not true, this is a finding.

Vulnerability Number

V-75015

Documentable

False

Rule Version

MQMH-ND-001420

Severity Override Guidance

Log on to the MQ Appliance CLI as a privileged user.

Enter:
co
show logging target

All configured logging targets will be displayed. Verify:
- This list includes a remote syslog notification target; and
- It includes all desired log event source and log level parameters:
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error

Ask the system admin to provide evidence the required alert triggers have been set up.

If any is not true, this is a finding.

Check Content Reference

M

Target Key

3243

Comments