JBOS-AS-000170 - File permissions must be configured to protect log information from unauthorized modification.

Information

If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve.

When not configured to use a centralized logging solution like a syslog server, the JBoss EAP application server writes log data to log files that are stored on the OS; appropriate file permissions must be used to restrict modification.

Log information includes all information (e.g., log records, log settings, transaction logs, and log reports) needed to successfully log information system activity. Application servers must protect log information from unauthorized modification.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the OS file permissions on the application server to protect log information from unauthorized modification.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, CCI|CCI-000163, Rule-ID|SV-213514r954802_rule, STIG-ID|JBOS-AS-000170, STIG-Legacy|SV-76743, STIG-Legacy|V-62253, Vuln-ID|V-213514

Plugin: Unix

Control ID: e5e4f47945e11e59031216a3f254a02b84a86b56d227236bcd3210312d8ab872