7 - File system permissions of log files

Information

In order to prevent modifications to your log files, you can restrict the OS permissions to only be readable/writable by the JBoss user.

Solution

In order to change the location of your log files you can use this Java property at startup jboss.domain.log.dir and set a different log directory (I.E. /var/log/jboss)

-Djboss.domain.log.dir=/var/log/jboss/

See Also

https://docs.jboss.org/author/display/AS72/Hardening+Guidelines

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|3.1

Plugin: Unix

Control ID: 4fed0ede2e1ea01af8227ba32e43db7a7a3ba495767b46a555d49da5de049ad4