RANDOM_GENERATION Audit Event

Endi S. Dewata edited this page Oct 8, 2024 · 3 revisions

Overview

Since version 10.5, a RANDOM_GENERATION audit event is generated for any random number generated on the server (including Random Serial Numbers). The event records the caller of the random number generator and the size of the random number in bytes.

By default, only failed events are logged. To log all events, change the filter in CS.cfg as follows:

log.instance.SignedAudit.filters.RANDOM_GENERATION=(Outcome=*)

then restart the server.

Examples

Submit a certificate request with this command:

$ pki client-cert-request uid=testuser

Then approve the request with this command:

$ pki -n caadmin ca-cert-request-review 7 --action approve

During the approval process the server will generate an 8-byte nonce, which is generated from two 4-byte random numbers, so there will be two RANDOM_GENERATION events:

[AuditEvent=RANDOM_GENERATION][SubjectID=caadmin][Outcome=Success][Info=Caller;;com.netscape.cms.servlet.cert.CertRequestDAO.reviewRequest(CertRequestDAO.java:151)+Size;;4] Random number generation
[AuditEvent=RANDOM_GENERATION][SubjectID=caadmin][Outcome=Success][Info=Caller;;com.netscape.cms.servlet.cert.CertRequestDAO.reviewRequest(CertRequestDAO.java:151)+Size;;4] Random number generation

The Info attribute contains parameters separated by +, and each parameter is a name-value pair separated by ;;. So the above Info contains:

  • Caller: com.netscape.cms.servlet.cert.CertRequestDAO.reviewRequest(CertRequestDAO.java:151)

  • Size: 4

If Random Serial Numbers is enabled, there will be an additional RANDOM_GENERATION event:

[AuditEvent=RANDOM_GENERATION][SubjectID=caadmin][Outcome=Success][Info=Caller;;com.netscape.cmscore.dbs.CertificateRepository.getRandomNumber(CertificateRepository.java:192)+Size;;4] Random number generation
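
The Info format described above can be parsed mechanically when reviewing the audit log, for example to total the random bytes requested per caller and to surface failed events. The following Python script is an added example, not part of the original page or of the server's code; the function names are hypothetical, and the sample input is the three events shown on this page. It assumes field values contain no ] and Info values contain no +.

```python
import re
from collections import Counter

# Matches each [Name=Value] field; assumes values never contain ']'.
FIELD_RE = re.compile(r"\[(\w+)=(.*?)\]")

# The three events shown on this page, with wrapped lines rejoined.
SAMPLE_LOG = """\
[AuditEvent=RANDOM_GENERATION][SubjectID=caadmin][Outcome=Success][Info=Caller;;com.netscape.cms.servlet.cert.CertRequestDAO.reviewRequest(CertRequestDAO.java:151)+Size;;4] Random number generation
[AuditEvent=RANDOM_GENERATION][SubjectID=caadmin][Outcome=Success][Info=Caller;;com.netscape.cms.servlet.cert.CertRequestDAO.reviewRequest(CertRequestDAO.java:151)+Size;;4] Random number generation
[AuditEvent=RANDOM_GENERATION][SubjectID=caadmin][Outcome=Success][Info=Caller;;com.netscape.cmscore.dbs.CertificateRepository.getRandomNumber(CertificateRepository.java:192)+Size;;4] Random number generation
"""


def parse_event(line):
    """Return the fields of one audit line as a dict, or None if it is not an audit event."""
    fields = dict(FIELD_RE.findall(line))
    if "AuditEvent" not in fields:
        return None
    # Info holds parameters separated by '+', each a name;;value pair.
    info = {}
    for param in fields.get("Info", "").split("+"):
        name, sep, value = param.partition(";;")
        if sep:
            info[name] = value
    fields["Info"] = info
    return fields


def summarize_random_generation(log_text):
    """Return (bytes generated per caller, events that need review)."""
    bytes_by_caller = Counter()
    needs_review = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None or event["AuditEvent"] != "RANDOM_GENERATION":
            continue
        size = event["Info"].get("Size", "")
        if event.get("Outcome") != "Success" or not size.isdigit():
            needs_review.append(event)  # failed or malformed event
            continue
        bytes_by_caller[event["Info"].get("Caller", "<unknown>")] += int(size)
    return bytes_by_caller, needs_review


if __name__ == "__main__":
    totals, review = summarize_random_generation(SAMPLE_LOG)
    for caller, total in totals.items():
        print(f"{total:3d} bytes  {caller}")
    print(f"{len(review)} event(s) need review")
```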