An error occurred:

Check: JBOS-AS-000710

JBoss Enterprise Application Platform 6.3 STIG: JBOS-AS-000710 (in version v2 r4)

Title

JBoss must be configured to generate log records that show starting and ending times for access to the application server management interface. (Cat II impact)

Discussion

Determining when a user has accessed the management interface is important to determine the timeline of events when a security incident occurs. Generating these events, especially if the management interface is accessed via a stateless protocol like HTTP, the log events will be generated when the user performs a logon (start) and when the user performs a logoff (end). Without these events, the user and later investigators cannot determine the sequence of events and therefore cannot determine what may have happened and by whom it may have been done. The generation of start and end times within log events allows the user to perform their due diligence in the event of a security breach.

Check Content

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder. Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. Run the command: For a Managed Domain configuration: "ls host=master/server=<SERVERNAME>/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" For a Standalone configuration: "ls /core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" If "enabled" = false, this is a finding.

Fix Text

Launch the jboss-cli management interface. Connect to the server by typing "connect", authenticate as a user in the Superuser role, and run the following command: For a Managed Domain configuration: "host=master/server/<SERVERNAME>/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" For a Standalone configuration: "/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)"

Additional Identifiers

Rule ID: SV-213555r956012_rule

Vulnerability ID: V-213555

Group Title: SRG-APP-000505-AS-000230

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000172

The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-12

Audit Generation