Novell XDASv2 Administration Guide

Novell®

www.novell.com

AUTHORIZED DOCUMENTATION

Administration Guide

XDASv2 for eDirectory, IDM, and NMAS

novdocx (en) 16 April 2010

October 15, 2010

Novell XDASv2 Administration Guide

Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the

Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on

exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

novdocx (en) 16 April 2010

Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com

Online Documentation: To access the latest online documentation for this and other Novell products, see

the Novell Documentation Web page (http://www.novell.com/documentation).

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/

trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

novdocx (en) 16 April 2010

4 Novell XDASv2 Administration Guide

Contents

About This Guide 7

1Overview 9

1.1 Key Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

1.2 XDASv2 Server Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2 Configuring XDASv2 11

2.1 Installing eDirectory XDASv2 Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.2 Configuring XDASv2 Property File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.3 Configuring XDAS Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.4 Loading the Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

novdocx (en) 16 April 2010

3 iManager Plug-In for XDASv2 13

3.1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.2 Installing iManager Plug-In for XDASv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.3 Using iManager Plug-In Console for XDASv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.4 Configuring XDASv2 Events for Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.4.1 Configuring Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.4.2 Configuring XDASv2 Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

3.4.3 Configuring XDASv2 Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.5 Securing the iManager Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

4 Troubleshooting 19

A XDASv2 Events 21

A.1 Account Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

A.2 Session Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

A.3 Data Item and Resource Element Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

A.4 Service or Application Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

A.5 Service or Application Utilization Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

A.6 Peer Association Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

A.7 Data Item or Resource Element Content Access Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

A.8 Work Flow Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

A.9 Role Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

A.10 Exceptional Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

A.11 Audit Service Management Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

A.12 Authentication Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

B XDASv2 Schema 33

B.1 XDAS V2 JSON Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

B.2 XDAS Field Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

B.3 Outcome Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

B.4 Example of an Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Contents 5

novdocx (en) 16 April 2010

6 Novell XDASv2 Administration Guide

About This Guide

This guide describes how to configure and use XDASv2 to audit Novell eDirectory 8.8 and Novell Identity Manager.

 Chapter 1, “Overview,” on page 9

 Chapter 2, “Configuring XDASv2,” on page 11

 Chapter 3, “iManager Plug-In for XDASv2,” on page 13

 Chapter 4, “Troubleshooting,” on page 19

 Chapter A, “XDASv2 Events,” on page 21

 Appendix B, “XDASv2 Schema,” on page 33

Audience

This guide is intended for Administrators.

novdocx (en) 16 April 2010

Feedback

We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.

Documentation Updates

For the most recent version of the XDASv2 Administration Guide, visit the eDirectory Web site

(http://www.novell.com/documentation/edir88).

Additional Documentation

For documentation on eDirectory documentation, see the following:

 Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/

index.html).

 Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/

index.html).

 Novell iManager 2.7 Administration Guide (http://www.novell.com/documentation/

imanager27/index.html).

About This Guide 7

novdocx (en) 16 April 2010

8 Novell XDASv2 Administration Guide

Overview

The XDASv2 specification provides a standardized classification for audit events. It defines a set of generic events at a global distributed system level. XDASv2 provides a common portable audit record format to facilitate the merging and analysis of audit information from multiple components at the distributed system level. The XDASv2 events are encapsulated within a hierarchical notational system that helps to extend the standard or existing event identifier set.The XDASv2 taxonomy defines a set of fields, of these the primary fields are observer, initiator and target. XDASv2 events helps you easily understand the audit trails of heterogeneous applications

 Section 1.1, “Key Benefits,” on page 9

 Section 1.2, “XDASv2 Server Architecture,” on page 9

1.1 Key Benefits

 Provides secured audit services for a distributed system.

novdocx (en) 16 April 2010

 Defines a set of generic events at a global distributed system level.

 Defines a common portable audit record format to help merge and analyse the audit

information from multiple components of a distributed system.

 Defines a common format for audit events that analysis applications can use.

 Records XDASv2 audit trail.

 Configures event preselection criteria and event disposition actions.

 Provides a common audit format regardless of the platform on which the XDASv2 service is

running.

 Supports heterogeneous environments without the necessity to reengineer the current operating

system or application-specific audit service implementations.

 Supports adequate separation of duties for users.

 Protects the audit log by making it accessible only to principals acting in specific

administrative or security roles.

1.2 XDASv2 Server Architecture

Overview

Figure 1-1 XDASv2 Server Architecture

novdocx (en) 16 April 2010

10 Novell XDASv2 Administration Guide

Configuring XDASv2

This chapter contains the following information:

 Section 2.1, “Installing eDirectory XDASv2 Files,” on page 11

 Section 2.2, “Configuring XDASv2 Property File,” on page 11

 Section 2.3, “Configuring XDAS Events,” on page 12

 Section 2.4, “Loading the Modules,” on page 12

2.1 Installing eDirectory XDASv2 Files

The following eDirectory XDASv2 files are, by default, installed as part of eDirectory.

 Linux:



novell-edirectory-xdaslog

novdocx (en) 16 April 2010



novell-edirectory-xdaslog-conf



novell-edirectory-xdasinstrument

 Solaris:



NOVLlog



NOVLedirxdasin

 Windows



xdasauditds.dlm



xdaslog.dll

2.2 Configuring XDASv2 Property File

The XDASv2 property file is located at

xdasconfig.properties

The following is the content of the XDASv2 property file:

# Set the level of the root logger to DEBUG and attach appenders. #log4j.rootLogger=debug, S, R

# Defines appender S to be a SyslogAppender. #log4j.appender.S=org.apache.log4j.net.SyslogAppender

# Defines location of Syslog server. #log4j.appender.S.Host=localhost #log4j.appender.S.Port=port

. You can customize the file according to your requirement.

/etc/opt/novell/configuration/

# Specify protocol to be used (UDP/TCP/SSL) #log4j.appender.S.Protocol=UDP

# Specify SSL certificate file for SSL connection. # File path should be given with double backslash. #log4j.appender.S.SSLCertFile=/etc/opt/novell/mycert.pem

Configuring XDASv2

# Minimum log-level allowed in syslog. #log4j.appender.S.Threshold=INFO

# Defines the type of facility. #log4j.appender.S.Facility=USER

# Layout definition for appender Syslog S. #log4j.appender.S.layout=org.apache.log4j.PatternLayout #log4j.appender.S.layout.ConversionPattern=%c : %p%m%n

# Defines appender R to be a Rolling File Appender. #log4j.appender.R=org.apache.log4j.RollingFileAppender

# Log file for appender R. #log4j.appender.R.File=/var/opt/novell/eDirectory/log/xdas-events.log

# Max size of log file for appender R. #log4j.appender.R.MaxFileSize=100MB

# Set the maximum number of backup files to keep for appender R. # Max can be 13. If set to zero, then there will be no backup files. #log4j.appender.R.MaxBackupIndex=10

novdocx (en) 16 April 2010

# Layout definition for appender Rolling log file R. #log4j.appender.R.layout=org.apache.log4j.PatternLayout #log4j.appender.R.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %c : %p%m%n

Table 2-1 XDASv2 Property File

Options ID Description

Syslog Appender S

Rolling File Appender R

2.3 Configuring XDAS Events

See Chapter 3, “iManager Plug-In for XDASv2,” on page 13 for information on configuring XDASv2 events for eDirectory.

2.4 Loading the Modules

After you have configured the XDASv2 events, run the following command to load the XDASv2 modules:

 Linux/Solaris: Run the following command to load the XDASv2 modules:

ndstrace -c "load xdasauditds"

 Windows: Run

ndscons.exe

then click Start.

If you have installed NMAS and enabled NMAS auditing, the NMAS server automatically loads the XDASv2 library.

12 Novell XDASv2 Administration Guide

, select xdasauditds option from the list of available modules,

+ 28 hidden pages

Novell XDASv2 Administration Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Novell XDASv2 Administration Guide

1Overview 9

2 Configuring XDASv2 11

3 iManager Plug-In for XDASv2 13

4 Troubleshooting 19

A XDASv2 Events 21

B XDASv2 Schema 33

About This Guide

Overview

1.1 Key Benefits

1.2 XDASv2 Server Architecture

Configuring XDASv2

2.1 Installing eDirectory XDASv2 Files

2.2 Configuring XDASv2 Property File

2.3 Configuring XDAS Events

2.4 Loading the Modules