STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

JBoss must be configured to produce log records that establish which hosted application triggered the events.

DISA Rule

SV-213509r615939_rule

Vulnerability Number

V-213509

Group Title

SRG-APP-000097-AS-000060

Rule Version

JBOS-AS-000120

Severity

CAT II

CCI(s)

CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.

Weight

Fix Recommendation

Configure log formatter to audit application activity so individual application activity can be identified.

Check Contents

Application logs are a configurable variable. Interview the system admin, and have them identify the applications that are running on the application server. Have the system admin identify the log files/location where application activity is stored.

Review the log files to ensure each application is uniquely identified within the logs or each application has its own unique log file.

Generate application activity by either authenticating to the application or generating an auditable event, and ensure the application activity is recorded in the log file. Recently time stamped application events are suitable evidence of compliance.

If the log records do not indicate which application hosted on the application server generated the event, or if no events are recorded related to application activity, this is a finding.

JBoss must be configured to produce log records that establish which hosted application triggered the events.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments