Title

JBoss log records must be off-loaded onto a different system or system component a minimum of every seven days. (Cat II impact)

Discussion

JBoss logs by default are written to the local file system. A centralized logging solution like syslog should be used whenever possible; however, any log data stored to the file system needs to be off-loaded. JBoss EAP does not provide an automated backup capability. Instead, reliance is placed on OS or third-party tools to back up or off-load the log files. Protection of log data includes assuring log data is not accidentally lost or deleted. Off-loading log records to a different system or onto separate media from the system the application server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.

Check Content

Interview the system admin and obtain details on how the log files are being off-loaded to a different system or media. If the log files are not off-loaded a minimum of every 7 days, this is a finding.

Fix Text

Configure the application server to off-load log records every seven days onto a different system or media from the system being logged.

Additional Identifiers

Rule ID: SV-213516r954812_rule

Vulnerability ID: V-213516

Group Title: SRG-APP-000125-AS-000084

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.