AuditKeyStoreCommands command group for the AdminTask object
You can use the Jython scripting language to configure the security auditing system with the wsadmin tool. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.
createAuditKeyStore
Creates a keystore in the audit.xml file. The system uses this keystore to encrypt audit records.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
- -keyStoreName
- Specifies the unique name of the keystore. (String, required)
- -keyStoreType
- Specifies a valid keystore type. The default keystore type is PKCS12. (String, required)
- -keyStoreLocation
- Specifies the location where the system creates the keystore. (String, required)
- -keyStorePassword
- Specifies the password for the keystore. (String, required)
- -keyStorePasswordVerify
- Verifies the password for the keystore. (String, required)
Optional parameters
- -keyStoreProvider
- Specifies a provider for the keystore. (String, optional)
- -keyStoreIsFileBased
- Specifies if the keystore is file-based. The default is true. (Boolean, optional)
- -keyStoreHostList
- Specifies the host list for the keystore. (String, optional)
- -keyStoreInitAtStartup
- Specifies whether the system initializes the keystore on startup. The default is false. (Boolean, optional)
- -keyStoreReadOnly
- Specifies whether the keystore is read-only or not. Default is false. (Boolean, optional)
- -keyStoreStashFile
- Specifies whether the keystore needs a stash file. (Boolean, optional)
- -enableCryptoOperations
- Specifies whether the keystore is an acceleration keystore. False default. (Boolean, optional)
- -scopeName
- Specifies the scope for the keystore. (String, optional)
- -keyStoreDescription
- Specifies a description for the keystore. (String, optional)
Return value
KeyStore_1173199825578
Batch mode example usage
- Using Jython string:
AdminTask.createAuditKeyStore('-keyStoreName mynewkeystore -keyStoreLocation c:\install_root\appserver\profiles\AppSrv01\config\cells -keyStorePassword myPwd -keyStorePasswordVerify myPwd -keyStoreProvider IBMJCE -scopeName (cell):Node04Cell')
- Using Jython list:
AdminTask.createAuditKeyStore(['-keyStoreName', 'mynewkeystore', '-keyStoreLocation', 'c:\install_root\appserver\profiles\AppSrv01\config\cells', '-keyStorePassword', 'myPwd', '-keyStorePasswordVerify', 'myPwd', '-keyStoreProvider', 'IBMJCE', '-scopeName', '(cell):Node04Cell'])
Interactive mode example usage
- Using Jython:
AdminTask.createAuditKeyStore('-interactive')
deleteAuditKeyStore
The deleteAuditKeyStore command removes the reference to an audit keystore from the audit.xml configuration file.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
- -keyStoreName
- Specifies the name of the keystore. (String, required)
Optional parameters
- -scopeName
- Specifies the management scope of the keystore. (String, optional)
- -removeKeyStoreFile
- Specifies whether to remove the keystore from the configuration. Specify this parameter if the keystore of interest is not in use. (Boolean, optional)
Return value
The command returns a value of true if the system successfully removes the reference to the keystore from the audit.xml configuration file.
Batch mode example usage
- Using Jython string:
AdminTask.deleteAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName (cell):Node04Cell -removeKeyStoreFile false')
- Using Jython list:
AdminTask.deleteAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName', '(cell):Node04Cell', '-removeKeyStoreFile', 'false'])
Interactive mode example usage
- Using Jython:
AdminTask.deleteAuditKeyStore('-interactive')
getAuditKeyStoreInfo
The getAuditKeyStoreInfo command returns a list of attributes for the keystore that the system uses to encrypt audit records.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
- -keyStoreName
- Specifies the unique name to identify the keystore. (String, required)
Optional parameters
- -scopeName
- Specifies the management scope of the keystore. (String, optional)
Return value
{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{createStashFileForCMS false}
{description {keyStore description}}
{readOnly false}
{initializeAtStartup true}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
Batch mode example usage
- Using Jython string:
AdminTask.getAuditKeyStoreInfo('-keyStoreName AuditDefaultKeyStore')
- Using Jython list:
AdminTask.getAuditKeyStoreInfo(['-keyStoreName', 'AuditDefaultKeyStore'])
Interactive mode example usage
- Using Jython:
AdminTask.getAuditKeyStoreInfo('-interactive')
listAuditKeyStores
The listAuditKeyStores command lists the attributes for the audit keystores within a specific management scope or for all audit keystores.
The user must have the monitor administrative role to run this command.
Target object
None.
Optional parameters
- -scopeName
- Specifies the management scope associated with the keystores of interest. (String, optional)
- -all
- Specifies whether to list all keystores. When the -all parameter is set as true, it overrides the -scopeName parameter. (Boolean, optional)
Return value
{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1173199825578}
{createStashFileForCMS false}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{readOnly false}
{initializeAtStartup true}
{usage {}}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1184700968484}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1184700968484}
{createStashFileForCMS false}
{description {}}
{managementScope {}}
{readOnly false}
{initializeAtStartup false}
{usage {}}
{provider IBMJCE}
{name mykeystore}}
Batch mode example usage
- Using Jython string:
AdminTask.listAuditKeyStores('-scopeName (cell):Node04Cell')
- Using Jython list:
AdminTask.listAuditKeyStores(['-scopeName', '(cell):Node04Cell'])
Interactive mode example usage
- Using Jython:
AdminTask.listAuditKeyStores('-interactive')
modifyAuditKeyStore
The modifyAuditKeyStore command modifies the keystore reference in the audit.xml file. The command edits keystore that encrypts audit records.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
- -keyStoreName
- Specifies the unique name of the keystore. (String, required)
Optional parameters
- -scopeName
- Specifies the scope name of this keystore. (String, optional)
- -keyStoreType
- Specifies valid keystore type. (String, optional)
- -keyStoreLocation
- Specifies the location where the system creates the keystore. (String, optional)
- -keyStorePassword
- Specifies the password for this keystore. (String, optional)
- -keyStoreIsFileBased
- Specifies whether the keystore is file based. (Boolean, optional)
- -keyStoreInitAtStartup
- Specifies whether the system should initialize the keystore at startup. (Boolean, optional)
- -keyStoreReadOnly
- Specifies whether the keystore is read-only or editable. (Boolean, optional)
- -keyStoreDescription
- Specifies a description for the keystore. (String, optional)
Return value
The command returns a value of true if the system successfully modifies the keystore.
Batch mode example usage
- Using Jython string:
AdminTask.modifyAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName (cell):Node04Cell -keyStoreType PKCS12 -keyStoreLocation c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12 -keyStorePassword myPwd')
- Using Jython list:
AdminTask.modifyAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName', '(cell):Node04Cell', '-keyStoreType', 'PKCS12', '-keyStoreLocation', 'c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12', '-keyStorePassword', 'myPwd'])
Interactive mode example usage
- Using Jython:
AdminTask.modifyAuditKeyStore('-interactive')