STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Access to JBoss log files must be restricted to authorized users.

DISA Rule

SV-213537r615939_rule

Vulnerability Number

V-213537

Group Title

SRG-APP-000267-AS-000170

Rule Version

JBOS-AS-000425

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure file permissions on the JBoss log folder to protect from unauthorized access.

Check Contents

If the JBoss log folder is installed in the default location and AS-000133-JBOSS-00079 is not a finding, the log folders are protected and this requirement is not a finding.

By default, JBoss installs its log files into a sub-folder of the "jboss-eap-6.3" home folder.
Using a UNIX-like OS as the example, the default locations for log files are:

JBOSS_HOME/standalone/log
JBOSS_HOME/domain/log

For a standalone configuration:
JBOSS_HOME/standalone/log/server.log
Contains all server log messages, including server startup messages.

For a domain configuration:
JBOSS_HOME/domain/log/hostcontroller.log
Host Controller boot log. Contains log messages related to the startup of the host controller.

JBOSS_HOME/domain/log/processcontroller.log
Process controller boot log. Contains log messages related to the startup of the process controller.

JBOSS_HOME/domain/servers/SERVERNAME/log/server.log
The server log for the named server. Contains all log messages for that server, including server startup messages.

Log on with an OS user account with JBoss access and permissions.

Navigate to the "jboss-eap-6.3" folder using the relevant OS commands for either a UNIX-like OS or a Windows OS.

Examine the permissions of the JBoss log folders.

Owner can be full access.
Group can be full access.
All others must be restricted.

If the JBoss log folder is world-readable or world-writable, this is a finding.
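The permission check above, as an added POSIX shell audit helper that is not part of the STIG or of JBoss: it walks the default log folders listed in this check and reports any folder whose "others" bits grant read or write. It assumes GNU stat (-c) and, when JBOSS_HOME is unset, a constructed placeholder path of /opt/jboss-eap-6.3.

```shell
#!/bin/sh
# Added audit helper (not from the STIG or JBoss). Flags JBoss log folders
# that are world-readable or world-writable, the condition the check treats
# as a finding. Owner and group bits are not inspected: the check permits
# full access for both.
# Assumption: JBOSS_HOME defaults to a constructed placeholder path.
JBOSS_HOME="${JBOSS_HOME:-/opt/jboss-eap-6.3}"

# check_log_dir DIR
# Returns 0 when DIR has no world read/write bits (or does not exist),
# 1 when DIR is a finding. Assumes GNU coreutils stat; on BSD/macOS use
# "stat -f %Lp" instead.
check_log_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "SKIP    $dir (not present)"; return 0; }
    mode=$(stat -c '%a' "$dir")           # octal mode, e.g. 750 or 2755
    other=$(( 0$mode & 07 ))              # lowest octal digit = "others"
    finding=""
    [ $(( other & 4 )) -ne 0 ] && finding="world-readable"
    [ $(( other & 2 )) -ne 0 ] && finding="${finding:+$finding,}world-writable"
    if [ -n "$finding" ]; then
        echo "FINDING $dir mode=$mode ($finding)"
        return 1
    fi
    echo "OK      $dir mode=$mode"
    return 0
}

# audit_jboss_logs
# Checks the standalone and domain log folders named in the STIG check,
# plus each managed server's log folder. Returns 1 if any is a finding.
audit_jboss_logs() {
    rc=0
    for d in "$JBOSS_HOME/standalone/log" "$JBOSS_HOME/domain/log" \
             "$JBOSS_HOME"/domain/servers/*/log; do
        check_log_dir "$d" || rc=1
    done
    return $rc
}

audit_jboss_logs || echo "Result: at least one JBoss log folder is a finding"
```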

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3987

Comments