Check: JBOS-AS-000120
JBoss Enterprise Application Platform 6.3 STIG:
JBOS-AS-000120
(in versions v2 r4 through v1 r1)
Title
JBoss must be configured to produce log records that establish which hosted application triggered the events. (Cat II impact)
Discussion
Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. By default, no web logging is enabled in JBoss. Logging can be configured per web application or by virtual server. If web application logging is not set up, application activity will not be logged. Ascertaining the correct location or process within the application server where the events occurred is important during forensic analysis. To determine where an event occurred, the log data must contain data containing the application identity.
Check Content
Application logs are a configurable variable. Interview the system admin, and have them identify the applications that are running on the application server. Have the system admin identify the log files/location where application activity is stored. Review the log files to ensure each application is uniquely identified within the logs or each application has its own unique log file. Generate application activity by either authenticating to the application or generating an auditable event, and ensure the application activity is recorded in the log file. Recently time stamped application events are suitable evidence of compliance. If the log records do not indicate which application hosted on the application server generated the event, or if no events are recorded related to application activity, this is a finding.
Fix Text
Configure log formatter to audit application activity so individual application activity can be identified.
Additional Identifiers
Rule ID: SV-213509r954778_rule
Vulnerability ID: V-213509
Group Title: SRG-APP-000097-AS-000060
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000132 |
The information system generates audit records containing information that establishes where the event occurred. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |