STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

File permissions must be configured to protect log information from any type of unauthorized read access.

DISA Rule

SV-213513r615939_rule

Vulnerability Number

V-213513

Group Title

SRG-APP-000118-AS-000078

Rule Version

JBOS-AS-000165

Severity

CAT II

CCI(s)

CCI-000162 - The information system protects audit information from unauthorized access.

Weight

Fix Recommendation

Configure the OS file permissions on the application server to protect log information from unauthorized read access.

Check Contents

Examine the log file locations and inspect the file permissions. Interview the system admin to determine log file locations. The default location for the log files is:

Standalone configuration:
<JBOSS_HOME>/standalone/log/

Managed Domain configuration:
<JBOSS_HOME>/domain/servers/<servername>/log/
<JBOSS_HOME>/domain/log/

Review the file permissions for the log file directories. The method used for identifying file permissions will be based upon the OS the EAP server is installed on.

Identify all users with file permissions that allow them to read log files.

Request documentation from system admin that identifies the users who are authorized to read log files.

If unauthorized users are allowed to read log files, or if documentation that identifies the users who are authorized to read log files is missing, this is a finding.

File permissions must be configured to protect log information from any type of unauthorized read access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments