An error occurred:

IBM WebSphere Liberty Server STIG Version Comparison

IBM WebSphere Liberty Server Security Technical Implementation Guide

Comparison

There are 3 differences between versions v1 r2 (Oct. 27, 2022) (the "left" version) and v2 r2 (April 2, 2025) (the "right" version).

Check IBMW-LS-000040 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

The WebSphere Liberty Server must log remote session and security activity.

Check Content

Review the ${server.config.dir}/server.xml file, file and ensure ensureaudit-1.0 audit-1.0 and appSecurity-2.0 are defined within the <featureManager> setting in the server.xml file. If audit-1.0 and appSecurity-2.0 are not defined within the <featureManager> setting in the server.xml file, this is a finding. EXAMPLE: <featureManager> <feature>audit-1.0</feature> <feature>appSecurity-3.0</feature> <feature>servlet-3.1</feature> <feature>ejbLite-3.1</feature> </featureManager> finding. EXAMPLE: <featureManager> <feature>audit-1.0</feature> <feature>appSecurity-3.0</feature> </featureManager>

Discussion

Security auditing must be configured in order to log remote session activity. Security auditing will not be performed unless the audit feature (audit-1.0) has been enabled. The security feature (appSecurity-2.0) must be enabled for the security auditing to capture security transactions. The servlet (servlet-3.1) feature must be enabled to generate web-based security events. The ejb (ejbLite-3.1) feature must be enabled to generate ejb-based security events. Remote session activity will then be logged, regardless of the user attempting that activity. Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000096-AS-000059, SRG-APP-000097-AS-000060, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062, SRG-APP-000100-AS-000063, SRG-APP-000101-AS-000072, SRG-APP-000266-AS-000168, SRG-APP-000343-AS-000030, SRG-APP-000172-AS-000121

Fix

To log remote access events, the featureManager setting in the ${server.config.dir}/server.xml must contain the audit, audit appSecurity, and ejbLite appSecurity features. <featureManager> <feature>audit-1.0</feature> <feature>appSecurity-2.0</feature> </featureManager>