JBOS-AS-000135 - JBoss ROOT logger must be configured to utilize the appropriate logging level.

Information

Information system logging capability is critical for accurate forensic analysis. Log record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.

See Chapter 14, Section 14.1.9, Table 14.4 of the Red Hat JBoss EAP Administration and Configuration Guide version 6.3 for specific details on log levels and log level values.

The JBOSS application server ROOT logger captures all messages not captured by a log category and sends them to a log handler (FILE, CONSOLE, SYSLOG, ETC.). By default, the ROOT logger level is set to INFO, which is a value of 800. This will capture most events adequately. Any level numerically higher than INFO (> 800) records less data and may result in an insufficient amount of information being logged by the ROOT logger. This can result in failed forensic investigations. The ROOT logger level must be INFO level or lower to provide adequate log information.

Solution

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script to start the Command Line Interface (CLI).
Connect to the server and authenticate.

The PROFILE NAMEs included with a Managed Domain JBoss configuration are:
'default', 'full', 'full-ha' or 'ha'
For a Managed Domain configuration, you must check each profile name:

For each PROFILE NAME, run the command:
'/profile=<PROFILE NAME>/subsystem=logging/root-logger=ROOT:write-attribute(name=level,value=INFO)'

For a Standalone configuration:
'/subsystem=logging/root-logger=ROOT:write-attribute(name=level,value=INFO)'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, CAT|II, CCI|CCI-001487, Rule-ID|SV-213512r954784_rule, STIG-ID|JBOS-AS-000135, STIG-Legacy|SV-76739, STIG-Legacy|V-62249, Vuln-ID|V-213512

Plugin: Unix

Control ID: ce2b33d8a01121bead04f947481a9c6df5c834f27222933218c2aad4768347f8