1.1 - SerializedSystemIni.dat Password File is not Protected

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

The SerializedSystemIni.dat file contains the hashes for all the passwords in a WebLogic Server domain. It is associated with a specific WebLogic Server domain, so it cannot be moved from domain to domain. If the SerializedSystemIni.dat file is destroyed or corrupted, the WebLogic Server domain would have to be configured again.

Loss of this file would result in a denial of service, because the WebLogic Server domain would have to be configured again.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

1. Make a backup copy of the SerializedSystemIni.dat file and put it in a safe location.
2. Set permissions on the SerializedSystemIni.dat file such that the system administrator of a WebLogic Server deployment has write and read privileges and no other users have any privileges.
3. Go to <system_drive>\bea\wlserver_10.0\samples\domains\wl_server\security\SerializedSystemIni.dat and change the permissions.
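
The three steps above as one PowerShell script, run from an elevated prompt. This is an added example, not part of the original audit or benchmark; the backup directory and the administrator principal are assumptions to adjust for the deployment.

```powershell
param(
    [string]$DatFile   = "$env:SystemDrive\bea\wlserver_10.0\samples\domains\wl_server\security\SerializedSystemIni.dat",
    [string]$BackupDir = 'D:\secure-backup\wl_server',   # hypothetical safe location
    [string]$Admin     = 'BUILTIN\Administrators'        # assumed WebLogic system administrator principal
)
$ErrorActionPreference = 'Stop'
$sidType = [System.Security.Principal.SecurityIdentifier]

# Step 1: back up the file and confirm the copy is byte-identical.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('SerializedSystemIni.dat.{0:yyyyMMddHHmmss}' -f (Get-Date))
Copy-Item -LiteralPath $DatFile -Destination $backup
$srcHash = (Get-FileHash -LiteralPath $DatFile -Algorithm SHA256).Hash
$bakHash = (Get-FileHash -LiteralPath $backup  -Algorithm SHA256).Hash
if ($srcHash -ne $bakHash) { throw "Backup $backup does not match $DatFile" }

# Steps 2-3: rebuild the ACL so only $Admin holds read and write.
$acl = Get-Acl -LiteralPath $DatFile
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, discard inherited ACEs
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
$rights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($Admin, $rights, $allow)))
Set-Acl -LiteralPath $DatFile -AclObject $acl

# Verify: every remaining ACE must belong to $Admin (compared by SID, not by display name).
$adminSid = (New-Object System.Security.Principal.NTAccount($Admin)).Translate($sidType)
$others = (Get-Acl -LiteralPath $DatFile).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference -ne $adminSid }
if ($others) {
    $others | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited
    throw "Unexpected principals still have access to $DatFile"
}
Write-Output "Backup: $backup"
Write-Output "ACL on $DatFile restricted to $Admin (Read, Write)"
```

If the WebLogic Server process runs under a different account than the one passed as -Admin, it will no longer be able to read the file, so pass the principal the server actually runs as.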

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-6(7), 800-53|CM-6, CSCv6|3.1

Plugin: Windows

Control ID: 479fb95a574af0ca272057bbb0fb6dc2e79e847603b9e0f4dd00a04066ee212b