The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-81197	WBSP-AS-000120	SV-95911r1_rule		Medium

Description
Without enabling repository checkpoints, you will not be able to determine the history of changes to WebSphere configuration files, and who made those changes.

STIG	Date
IBM WebSphere Traditional V9.x Security Technical Implementation Guide	2018-08-24

Details

Check Text ( C-80867r1_chk )
Review System Security Plan documentation. Identify the required "Automatic CheckPoint Depth" setting that has been defined. From administrative console, click System administration >> Extended repository service. If "Enable automatic repository checkpoints" is not selected or if the "automatic checkpoint depth" is less than the number of saves defined in the System Security Plan, this is a finding.

Check Text ( C-80867r1_chk )

Review System Security Plan documentation.

Identify the required "Automatic CheckPoint Depth" setting that has been defined.

From administrative console, click System administration >> Extended repository service.

If "Enable automatic repository checkpoints" is not selected or if the "automatic checkpoint depth" is less than the number of saves defined in the System Security Plan, this is a finding.

Fix Text (F-87975r1_fix)
From administrative console click System administration >> Extended repository service >> Enable automatic repository checkpoints. Enter a "checkpoint depth value" according to the security plan. Restart the DMGR and all the JVMs.