WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user.

Information

Running WebSphere as an admin user gives attackers immediate admin privileges in the event the WebSphere processes are compromised.

Best practice is to operate the WebSphere server with an account that has limited OS privileges.

To configure system startup: https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/trun_processrestart.html

Solution

Ensure that WAS processes are started via the specified non-privileged OS user ID when running commands such as startManager, startNode, and startServer.

If startManager and startNode are in the system startup scripts, ensure that they are not started as the root user or admin user for Windows systems.

For example, in the UNIX system, the inittab entry may look like: 'was:235:respawn:/usr/WebSphere/AppServer/bin/rc.was >/dev/console 2>&1'.

Ensure the user is not a root user and is instead a regular OS user.

See Also

http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-95991r1_rule, STIG-ID|WBSP-AS-000960, Vuln-ID|V-81277

Plugin: Unix

Control ID: 8deb68baa12ea589462bb2dc8041940a573d28e06561038c9cfc2b2a07d31fcf