STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

JBoss servers must be configured to roll over and transfer logs on a minimum weekly basis.

DISA Rule

SV-213559r615939_rule

Vulnerability Number

V-213559

Group Title

SRG-APP-000515-AS-000203

Rule Version

JBOS-AS-000735

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Open the web-based management interface by opening a browser and pointing it to HTTPS://<EAP_SERVER>:9990/

Authenticate as a user with Admin rights.
Navigate to the "Configuration" tab.
Expand + Subsystems.
Expand + Core.
Select "Logging".
Select the "Handler" tab.
Select "Periodic".

If a periodic file handler does not exist, reference JBoss admin guide for instructions on how to create a file handler that will rotate logs on a daily basis.
Create scripts that package and off-load log data at least weekly.

Check Contents

If the JBoss server is configured to use a Syslog Handler, this is not a finding.

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.

Determine if there is a periodic rotating file handler.

For a domain configuration run the following command; where <SERVERNAME> is a variable for all of the servers in the domain. Usually "server-one", "server-two", etc.:

"ls /host=master/server=<SERVERNAME>/subsystem=logging/periodic-rotating-file-handler="

For a standalone configuration run the command:
"ls /subsystem=logging/periodic-rotating-file-handler="

If the command does not return "FILE", this is a finding.

Review the <JBOSS_HOME>/standalone/log folder for the existence of rotated logs, and ask the admin to demonstrate how rotated logs are packaged and transferred to another system on at least a weekly basis.

Vulnerability Number

V-213559

Documentable

False

Rule Version

JBOS-AS-000735

Severity Override Guidance

If the JBoss server is configured to use a Syslog Handler, this is not a finding.

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.

Determine if there is a periodic rotating file handler.

For a domain configuration run the following command; where <SERVERNAME> is a variable for all of the servers in the domain. Usually "server-one", "server-two", etc.:

"ls /host=master/server=<SERVERNAME>/subsystem=logging/periodic-rotating-file-handler="

For a standalone configuration run the command:
"ls /subsystem=logging/periodic-rotating-file-handler="

If the command does not return "FILE", this is a finding.

Review the <JBOSS_HOME>/standalone/log folder for the existence of rotated logs, and ask the admin to demonstrate how rotated logs are packaged and transferred to another system on at least a weekly basis.

Check Content Reference

M

Target Key

3987

Comments