Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The WebSphere Liberty Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-250343 | IBMW-LS-000830 | SV-250343r795113_rule | Medium |
| Description |
|---|
| JVM logs are logs used to store application and runtime related events, rather than audit related events. They are mainly used to diagnose application or runtime bugs. However, they are useful for providing more context when correlated with audit related events. By default, Liberty automatically logs the console.log, messages.log, and trace.log but these default settings must be validated. |
| STIG | Date |
|---|---|
| IBM WebSphere Liberty Server Security Technical Implementation Guide | 2021-08-30 |
Details
| Check Text ( C-53778r795080_chk ) |
|---|
| Review the ${server.config.dir}/bootstrap.properties file, verify console logging is not turned off. If the property com.ibm.ws.logging.console.log.level=OFF, this is a finding. Review the ${server.config.dir}/server.xml file and verify the logging traceSpecification setting is configured according to system capacity requirements. If the logging traceSpecification settings are not configured, this is a finding. EXAMPLE: |
| Fix Text (F-53732r795112_fix) |
|---|
| Edit the bootstrap.properties file and configure the com.ibm.ws.logging.console.log.level=ON. Edit the ${server.config.dir}/server.xml file. Configure EXAMPLE: where maxFileSize is set to the maximum file size defined in local policy and maxFiles is set to the maximum number of historical files defined in local policy and in accordance with system storage limits. |