WBLC-02-000081 - Oracle WebLogic must provide the ability to write specified audit record content to an audit log server.

Information

Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, filenames involved, access control or flow control rules invoked.

Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. Application servers and their related components are required to be capable of writing logs to centralized audit log servers.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Access AC
2. From 'Domain Structure', select 'Services' -> 'Data Sources'
3. Utilize 'Change Center' to create a new change session
4. Click 'New' data source to create a new data source for the audit data store using schema IAU_APPEND
5. Enter database details and JNDI name, click through wizard
6. Select all servers and clusters available as targets to deploy this data source to
7. Finish creating the data source and record the JNDI name
8. Access EM
9. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Security' -> 'Security Provider Configuration'
10. Beneath 'Audit Service' section, click 'Configure' button
11. Set the values for the IAU_APPEND schema and save configuration
12. Repeat steps 2-7 for data source named 'wls-wldf-storeDS' and WLS schema

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_WebLogic_Server_12c_V2R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, Rule-ID|SV-235950r628628_rule, STIG-ID|WBLC-02-000081, STIG-Legacy|SV-70503, STIG-Legacy|V-56249, Vuln-ID|V-235950

Plugin: Unix

Control ID: 379feca32aafba043e50b4ee44663d52a2d8f4b02adc1610da7c1f0f9042dd9f