5 - Granular Log Levels

Information

If your application is handling sensitive data or you are regulated by any data security compliance, you may want to reduce the log level of the sensitive classes of your application to avoid logging sensitive data on production system.

If your log file is for some reason compromised, the attacker may reach sensitive data stored in the logs if the class log level is not set up properly.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Review all <logger ...> entries and their levels to match requirements.

See Also

https://docs.jboss.org/author/display/AS72/Hardening+Guidelines

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2)

Plugin: Unix

Control ID: af9d7779ff5c3e0bb0bfd6e4b59aa5d537fc1d3b17e89f4d80ebb1e181b8782d