
The WebSphere Liberty Server must log remote session and security activity.


Overview

Finding ID: V-250325
Version: IBMW-LS-000040
Rule ID: SV-250325r862971_rule
IA Controls:
Severity: Medium
Description
Security auditing must be configured in order to log remote session activity. Security auditing will not be performed unless the audit feature (audit-1.0) has been enabled. The security feature (appSecurity-2.0) must be enabled for the security auditing to capture security transactions. The servlet (servlet-3.1) feature must be enabled to generate web-based security events. The ejb (ejbLite-3.1) feature must be enabled to generate ejb-based security events. Remote session activity will then be logged, regardless of the user attempting that activity.

Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000096-AS-000059, SRG-APP-000097-AS-000060, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062, SRG-APP-000100-AS-000063, SRG-APP-000101-AS-000072, SRG-APP-000266-AS-000168, SRG-APP-000343-AS-000030, SRG-APP-000172-AS-000121
STIG Date
IBM WebSphere Liberty Server Security Technical Implementation Guide 2022-09-09

Details

Check Text ( C-53760r862969_chk )
Review the ${server.config.dir}/server.xml file. Ensure audit-1.0 and appSecurity-2.0 are defined within the featureManager setting in the server.xml file.

If audit-1.0 and appSecurity-2.0 are not defined within the featureManager setting in the server.xml file, this is a finding.

EXAMPLE:

audit-1.0
appSecurity-3.0
servlet-3.1
ejbLite-3.1
Fix Text (F-53714r862970_fix)
To log remote access events, the featureManager setting in the ${server.config.dir}/server.xml must contain the audit, appSecurity, and ejbLite features.


audit-1.0
appSecurity-2.0
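
One way to automate the review in the Check Text, as an added example that is not part of the STIG or of IBM's tooling: it parses a server.xml and reports whether the features the check names are present under featureManager. The function name, result keys and both sample documents are constructed for illustration, and `<include>` files are listed for manual review rather than followed.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("audit-1.0", "appSecurity-2.0")      # named in the Check Text
EVENT_SOURCES = ("servlet-3.1", "ejbLite-3.1")   # named in the Description

def check_audit_features(server_xml_text, required=REQUIRED):
    """Hypothetical helper: evaluate one server.xml against the check."""
    root = ET.fromstring(server_xml_text)
    # Only <feature> elements under <featureManager> count. XML comments are
    # dropped by the parser, so a commented-out feature is treated as absent.
    enabled = {
        (feature.text or "").strip()
        for manager in root.iter("featureManager")
        for feature in manager.findall("feature")
    }
    missing = [name for name in required if name not in enabled]
    return {
        "finding": bool(missing),
        "missing": missing,
        # Not part of the finding condition, but the Description ties these
        # features to web-based and EJB-based security events.
        "event_sources_absent": [n for n in EVENT_SOURCES if n not in enabled],
        # Features may also be set in included files; this sketch does not
        # follow them, so they are listed for manual review.
        "unreviewed_includes": [i.get("location", "") for i in root.iter("include")],
    }

# Constructed sample inputs, not taken from a real server.
COMPLIANT = """<server description="constructed sample">
  <featureManager>
    <feature>audit-1.0</feature>
    <feature>appSecurity-2.0</feature>
    <feature>servlet-3.1</feature>
    <feature>ejbLite-3.1</feature>
  </featureManager>
</server>"""

AUDIT_DISABLED = """<server description="constructed sample">
  <include location="extra-features.xml"/>
  <featureManager>
    <!-- <feature>audit-1.0</feature> -->
    <feature>appSecurity-2.0</feature>
    <feature>servlet-3.1</feature>
  </featureManager>
</server>"""

if __name__ == "__main__":
    for label, doc in (("compliant", COMPLIANT), ("audit disabled", AUDIT_DISABLED)):
        print(label, check_audit_features(doc))
```

The match is on the exact feature names in the Check Text; pass a different `required` tuple if the deployed baseline uses other feature versions.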