7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)

Information

The DB2_LIMIT_AUDIT_APPS registry variable contains a list of application names that should not be audited. It is recommended that this variable not be set, so that all applications are audited.

The DB2_LIMIT_AUDIT_APPS registry variable is not documented.

Rationale:

The name of the application that is not to be audited is determined by the client and is not validated by the server. A malicious user can therefore change their application name to avoid being audited.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Run the following command to remove any applications from the list:

db2set DB2_LIMIT_AUDIT_APPS=
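
To confirm the result, the output of `db2set -all` can be checked for the variable at every registry level. The script below is an added example, not part of the benchmark or of Nessus; it assumes the usual `[level] NAME=value` line format of `db2set -all`, the function names are hypothetical, and the sample output and application name are constructed.

```python
import re
import sys

VARIABLE = "DB2_LIMIT_AUDIT_APPS"

# db2set -all prefixes each entry with the registry level it was set at.
LEVELS = {"e": "environment", "u": "user", "n": "node",
          "i": "instance", "g": "global"}
LINE_RE = re.compile(
    r"^\[(?P<level>[eunig])\]\s*(?P<name>[^=\s]+)\s*=(?P<value>.*)$", re.I)

# Constructed sample output; "example_app.exe" is a placeholder value.
SAMPLE_NONCOMPLIANT = r"""[e] DB2PATH=C:\Program Files\IBM\SQLLIB
[i] DB2_LIMIT_AUDIT_APPS=example_app.exe
[i] DB2COMM=TCPIP
[g] DB2SYSTEM=DBHOST01
"""
SAMPLE_COMPLIANT = r"""[e] DB2PATH=C:\Program Files\IBM\SQLLIB
[i] DB2COMM=TCPIP
[g] DB2SYSTEM=DBHOST01
"""


def find_audit_exemptions(db2set_all_output):
    """Return (level, raw value) for each level where the variable is set."""
    findings = []
    for raw in db2set_all_output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners, warnings
        if m.group("name").upper() != VARIABLE:
            continue
        value = m.group("value").strip()
        if value:  # an empty value means nothing is exempted
            findings.append((LEVELS[m.group("level").lower()], value))
    return findings


def is_compliant(db2set_all_output):
    """True when no registry level exempts any application from auditing."""
    return not find_audit_exemptions(db2set_all_output)


if __name__ == "__main__":
    # Usage: db2set -all | python check_limit_audit_apps.py
    hits = find_audit_exemptions(sys.stdin.read())
    for level, value in hits:
        print(f"FAIL: {VARIABLE} set at {level} level: {value}")
    sys.exit(1 if hits else 0)
```

The value is reported as-is rather than split into names, because the variable is undocumented and its list delimiter is not stated on this page.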

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-1, 800-53|AU-2

Plugin: Windows

Control ID: 0ba6664e2aa388e7c03dab2f9ed584b0dbf1c3173e1f3ba992f3f7e549d11505