DB2X-00-012000 - DB2 must generate audit records when successful accesses to objects occur

Information

Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.

In an SQL environment, types of access include, but are not necessarily limited to:

SELECT
INSERT
UPDATE
DELETE
EXECUTE

Solution

Run the following command to define an audit policy with the needed subset using the CREATE AUDIT POLICY SQL statement:
DB2> CREATE AUDIT POLICY <execdb>
CATEGORIES CONTEXT STATUS BOTH, EXECUTE STATUS BOTH
ERROR TYPE AUDIT

To modify an existing audit policy, replace 'CREATE' with 'ALTER' in the preceding statement. Only the categories explicitly named in the statement will be affected. In this case, the changes take effect immediately.

If CREATE was used above, run one of the following commands to apply the correct policy to either the database as a whole or to the specific application tables:
DB2> AUDIT DATABASE USING POLICY EXECDB
Or
DB2> AUDIT TABLE <table name> USING POLICY EXECDB

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_DB2_V10-5_LUW_V2R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, Rule-ID|SV-213759r879878_rule, STIG-ID|DB2X-00-012000, STIG-Legacy|SV-89255, STIG-Legacy|V-74581, Vuln-ID|V-213759

Plugin: IBM_DB2DB

Control ID: 10508f714b7713547da8d75abdbc4af87baf4b81ea95052c56fc445efe11eedd