Title

The Hardware Management Console Event log must be active. (Cat II impact)

Discussion

The Hardware Management Console controls the operation and availability of the Central Processor Complex (CPC). Failure to create and maintain the Hardware Management Console Event log could result in the lack of monitoring and accountability of CPC control activity.

Check Content

Verify on the Hardware Management Console that the Event log is in use. This is done by selecting the View Console Events panel under Console Actions. From this panel you can display: Console Information on EC Changes Console Service History displays HMC Problems Console Tasks Displays Last 2000 tasks performed on console View Licenses View LIC (Licensed Internal Code) View Security Logs tracks an object’s operational state, status, or settings change or involves user access to tasks, actions, and objects. If no Event log exists, this is a FINDING. If the Event log exists and is not collecting data, this is a FINDING.

Fix Text

The System Administrator will activate the Hardware Management Console Event log and ensure that all tracking parameters are set. This is done by selecting the View Console Events panel under Console Actions. From this panel you can display: Console Information on EC Changes Console Service History displays HMC Problems Console Tasks Displays Last 2000 tasks performed on console View Licenses View LIC (Licensed Internal Code) View Security Logs tracks an object’s operational state, status, or settings change or involves user access to tasks, actions, and objects.

Additional Identifiers

Rule ID: SV-256874r958442_rule

Vulnerability ID: V-256874

Group Title: SRG-OS-000062-GPOS-00031

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.