JBOS-AS-000715 - JBoss must be configured to generate log records when concurrent logons from different workstations occur to the application server management interface.

Information

Concurrent logons from different systems could possibly indicate a compromised account. When concurrent logons are made from different workstations to the management interface, a log record needs to be generated. This configuration setting provides forensic evidence that allows the system administrator to investigate access to the system and determine if the duplicate access was authorized or not.

JBoss provides a multitude of different log formats, and API calls that log access to the system. If the default format and location is not used, the system admin must provide the configuration documentation and settings that show that this requirement is being met.

Solution

Launch the jboss-cli management interface.
Connect to the server by typing 'connect', authenticate as a user in the Superuser role, and run the following command:

For a Managed Domain configuration:
'host=master/server/<SERVERNAME>/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)'

For a Standalone configuration:
'/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R5_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, Rule-ID|SV-213556r961833_rule, STIG-ID|JBOS-AS-000715, STIG-Legacy|SV-76829, STIG-Legacy|V-62339, Vuln-ID|V-213556

Plugin: Unix

Control ID: 911fe9944871aa208bb43526e94ee1e7b4066b6396e15477d937f3c4bb4a4092