JBOS-AS-000120 - JBoss must be configured to produce log records that establish which hosted application triggered the events.

Information

Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined.

By default, no web logging is enabled in JBoss. Logging can be configured per web application or by virtual server. If web application logging is not set up, application activity will not be logged.

Ascertaining the correct location or process within the application server where the events occurred is important during forensic analysis. To determine where an event occurred, the log data must contain data containing the application identity.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure log formatter to audit application activity so individual application activity can be identified.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CAT|II, CCI|CCI-000132, Rule-ID|SV-213509r954778_rule, STIG-ID|JBOS-AS-000120, STIG-Legacy|SV-76733, STIG-Legacy|V-62243, Vuln-ID|V-213509

Plugin: Unix

Control ID: 8d4e78579eb7d58ce7409566aa213297eccbd776c74ade84ace0d704b36fb368