JBOS-AS-000480 - The JBoss server must be configured to log all admin activity.

Information

In order to be able to provide a forensic history of activity, the application server must ensure users who are granted a privileged role or those who utilize a separate distinct account when accessing privileged functions or data have their actions logged.

If privileged activity is not logged, no forensic logs can be used to establish accountability for privileged actions that occur on the system.

Solution

Launch the jboss-cli management interface substituting standalone or domain for <CONFIG> based upon the server installation.

<JBOSS_HOME>/<CONFIG>/bin/jboss-cli

connect to the server and run the following command:

/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(9), CAT|II, CCI|CCI-002234, Rule-ID|SV-213540r955088_rule, STIG-ID|JBOS-AS-000480, STIG-Legacy|SV-76797, STIG-Legacy|V-62307, Vuln-ID|V-213540

Plugin: Unix

Control ID: 4c2367e6283f63235ce84afc16f149472ed1d8a8a809a15abf103702d809d639