Tasks | Home

 

Auditing

 

+

Search Tips   |   Advanced Search

 

Security auditing has two primary goals:

• Compliance with policies and laws.
• Vulnerability analysis.

Security auditing captures security events. During run time, all code, except Java EE 5 app code, is considered to be trusted. Each time a Java EE 5 app accesses a secured resource, any internal appserver process with an audit point included can be recorded as an auditable event.

We can enable auditing and configure filters to log the events we are interested.

The security auditing subsystem has the ability to capture the following types of auditable events:

1. Authentication
2. Authorization
3. Principal and credential mapping
4. Audit policy management
5. Administrative configuration management
6. User registry and identity management
7. Delegation

Events are recorded in audit log files. Encryption and signing is, by default, disabled. To enable, add keystores and certificates. Once encrypted, audit log files can be read with the audit reader...

 
AdminTask.binaryAuditLogReader
('[
    -fileName myFile 
    -reportMode basic 
    -keyStorePassword myPass 
    -outputLocation /tmp/binaryLogs
]')

The audit service provider formats and records audit events. The event factory collects the data associated to the auditable security events and sends it to the audit service provider.