AuditKeyStoreCommands command group for the AdminTask object

You can use the Jython scripting language to configure the security auditing system with the wsadmin tool. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.

Use the following commands to manage audit key stores in the audit.xml configuration file:

createAuditKeyStore

Creates a keystore in the audit.xml file. The system uses this keystore to encrypt audit records.

The user must have the auditor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName
Specifies the unique name of the keystore. (String, required)
-keyStoreType
Specifies a valid keystore type. The default keystore type is PKCS12. (String, required)
-keyStoreLocation
Specifies the location where the system creates the keystore. (String, required)
-keyStorePassword
Specifies the password for the keystore. (String, required)
-keyStorePasswordVerify
Verifies the password for the keystore. (String, required)

Optional parameters

-keyStoreProvider
Specifies a provider for the keystore. (String, optional)
-keyStoreIsFileBased
Specifies if the keystore is file-based. The default is true. (Boolean, optional)
-keyStoreHostList
Specifies the host list for the keystore. (String, optional)
-keyStoreInitAtStartup
Specifies whether the system initializes the keystore on startup. The default is false. (Boolean, optional)
-keyStoreReadOnly
Specifies whether the keystore is read-only or not. Default is false. (Boolean, optional)
-keyStoreStashFile
Specifies whether the keystore needs a stash file. (Boolean, optional)
-enableCryptoOperations
Specifies whether the keystore is an acceleration keystore. False default. (Boolean, optional)
-scopeName
Specifies the scope for the keystore. (String, optional)
-keyStoreDescription
Specifies a description for the keystore. (String, optional)

Return value

The command returns the ID of the new keystore, as the following example displays:
KeyStore_1173199825578

Batch mode example usage

  • Using Jython string: 
    AdminTask.createAuditKeyStore('-keyStoreName mynewkeystore -keyStoreLocation 
c:\install_root\appserver\profiles\AppSrv01\config\cells -keyStorePassword 
myPwd -keyStorePasswordVerify myPwd -keyStoreProvider IBMJCE -scopeName (cell):Node04Cell')
  • Using Jython list:
    AdminTask.createAuditKeyStore(['-keyStoreName', 'mynewkeystore', '-keyStoreLocation', 
'c:\install_root\appserver\profiles\AppSrv01\config\cells', '-keyStorePassword', 
'myPwd', '-keyStorePasswordVerify', 'myPwd', '-keyStoreProvider', 'IBMJCE', 
'-scopeName', '(cell):Node04Cell'])

Interactive mode example usage

  • Using Jython:
    AdminTask.createAuditKeyStore('-interactive')

deleteAuditKeyStore

The deleteAuditKeyStore command removes the reference to an audit keystore from the audit.xml configuration file.

The user must have the auditor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName
Specifies the name of the keystore. (String, required)

Optional parameters

-scopeName
Specifies the management scope of the keystore. (String, optional)
-removeKeyStoreFile
Specifies whether to remove the keystore from the configuration. Specify this parameter if the keystore of interest is not in use. (Boolean, optional)

Return value

The command returns a value of true if the system successfully removes the reference to the keystore from the audit.xml configuration file.

Batch mode example usage

  • Using Jython string: 
    AdminTask.deleteAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName 
(cell):Node04Cell -removeKeyStoreFile false')
  • Using Jython list:
    AdminTask.deleteAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName', 
'(cell):Node04Cell', '-removeKeyStoreFile', 'false'])

Interactive mode example usage

  • Using Jython:
    AdminTask.deleteAuditKeyStore('-interactive')

getAuditKeyStoreInfo

The getAuditKeyStoreInfo command returns a list of attributes for the keystore that the system uses to encrypt audit records.

The user must have the monitor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName
Specifies the unique name to identify the keystore. (String, required)

Optional parameters

-scopeName
Specifies the management scope of the keystore. (String, optional)

Return value

The command returns a list of attributes for the keystore, as the following sample output displays:
{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{createStashFileForCMS false}
{description {keyStore description}}
{readOnly false}
{initializeAtStartup true}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}

Batch mode example usage

  • Using Jython string: 
    AdminTask.getAuditKeyStoreInfo('-keyStoreName AuditDefaultKeyStore')
  • Using Jython list:
    AdminTask.getAuditKeyStoreInfo(['-keyStoreName', 'AuditDefaultKeyStore'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getAuditKeyStoreInfo('-interactive')

listAuditKeyStores

The listAuditKeyStores command lists the attributes for the audit keystores within a specific management scope or for all audit keystores.

The user must have the monitor administrative role to run this command.

Target object

None.

Optional parameters

-scopeName
Specifies the management scope associated with the keystores of interest. (String, optional)
-all
Specifies whether to list all keystores. When the -all parameter is set as true, it overrides the -scopeName parameter. (Boolean, optional)

Return value

The command returns a list of attributes for the scope of interest, as the following sample output displays:
{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1173199825578}
{createStashFileForCMS false}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{readOnly false}
{initializeAtStartup true}
{usage {}}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1184700968484}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1184700968484}
{createStashFileForCMS false}
{description {}}
{managementScope {}}
{readOnly false}
{initializeAtStartup false}
{usage {}}
{provider IBMJCE}
{name mykeystore}}

Batch mode example usage

  • Using Jython string: 
    AdminTask.listAuditKeyStores('-scopeName (cell):Node04Cell')
  • Using Jython list:
    AdminTask.listAuditKeyStores(['-scopeName', '(cell):Node04Cell'])

Interactive mode example usage

  • Using Jython:
    AdminTask.listAuditKeyStores('-interactive')

modifyAuditKeyStore

The modifyAuditKeyStore command modifies the keystore reference in the audit.xml file. The command edits keystore that encrypts audit records.

The user must have the auditor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName
Specifies the unique name of the keystore. (String, required)

Optional parameters

-scopeName
Specifies the scope name of this keystore. (String, optional)
-keyStoreType
Specifies valid keystore type. (String, optional)
-keyStoreLocation
Specifies the location where the system creates the keystore. (String, optional)
-keyStorePassword
Specifies the password for this keystore. (String, optional)
-keyStoreIsFileBased
Specifies whether the keystore is file based. (Boolean, optional)
-keyStoreInitAtStartup
Specifies whether the system should initialize the keystore at startup. (Boolean, optional)
-keyStoreReadOnly
Specifies whether the keystore is read-only or editable. (Boolean, optional)
-keyStoreDescription
Specifies a description for the keystore. (String, optional)

Return value

The command returns a value of true if the system successfully modifies the keystore.

Batch mode example usage

  • Using Jython string: 
    AdminTask.modifyAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName 
(cell):Node04Cell -keyStoreType PKCS12 -keyStoreLocation 
c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12 
-keyStorePassword myPwd')
  • Using Jython list:
    AdminTask.modifyAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName', 
'(cell):Node04Cell', '-keyStoreType', 'PKCS12', '-keyStoreLocation', 
'c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12', 
'-keyStorePassword', 'myPwd'])

Interactive mode example usage

  • Using Jython:
    AdminTask.modifyAuditKeyStore('-interactive')