STIGQter STIGQter: STIG Summary: JBoss EAP 6.3 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019: The JBoss server must be configured to utilize syslog logging.

DISA Rule

SV-76799r2_rule

Vulnerability Number

V-62309

Group Title

SRG-APP-000358-AS-000064

Rule Version

JBOS-AS-000505

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.

Using the relevant OS commands and syntax, cd to the “<JBOSS_HOME>/bin/” folder.

Run the “jboss-cli” script.
Connect to the server and authenticate.
To add a syslog handler:
Standalone configuration: "/subsystem=logging/syslog-handler=<HANDLER_NAME:add>"
Domain configuration: "/profile=default/subsystem=logging/syslog-handler=<HANDLER_NAME:add>"

To configure a syslog handler:
Standalone configuration. "/subsystem=logging/syslog-handler=<HANDLER_NAME:write-attribute(name=ATTRIBUTE_NAME, value=ATTRIBUTE_VALUE)" Domain configuration. "/profile=default/subsystem=logging/syslog-handler=<HANDLER_NAME:write-attribute(name=ATTRIBUTE_NAME, value=ATTRIBUTE_VALUE)"

*reference the RedHat web-site for the list of syslog handler attributes and corresponding values. Sample attributes include but are not limited to: port, enabled, app-name, level, server-address, hostname, etcetera.

Check Contents

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.
Run the command:

Standalone configuration:
"ls /subsystem=logging/syslog-handler="

Domain configuration:
"ls /profile=<specify>/subsystem=logging/syslog-handler="
Where <specify> = the selected application server profile of; default,full, full-ha or ha.

If no values are returned, this is a finding.

Vulnerability Number

V-62309

Documentable

False

Rule Version

JBOS-AS-000505

Severity Override Guidance

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.
Run the command:

Standalone configuration:
"ls /subsystem=logging/syslog-handler="

Domain configuration:
"ls /profile=<specify>/subsystem=logging/syslog-handler="
Where <specify> = the selected application server profile of; default,full, full-ha or ha.

If no values are returned, this is a finding.

Check Content Reference

M

Target Key

2923

Comments