The WebSphere Application Server must remove organization-defined software components after updated versions have been installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-81397	WBSP-AS-001740	SV-96111r1_rule		Medium

Description
By default, when updating WebSphere application server, the older version of binaries are saved in case a "roll back" is necessary. Not keeping the older version makes it more difficult for attackers to "revert" back to the older version.

STIG	Date
IBM WebSphere Traditional V9.x Security Technical Implementation Guide	2018-08-24

Details

Check Text ( C-81107r1_chk )
Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder. Default locations are: UNIX: /opt/InstallationManager Windows: C:\Program Files\InstallationManager UNIX: /eclipse/tools/imcl -c Select "P" preferences. Select "3" Files for rollback. Windows: \eclipse\tools\imcl.exe -c Select "P" preferences. Select "3" Files for rollback. If "Save files for rollback" is checked, this is a finding.

Check Text ( C-81107r1_chk )

Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder.

Default locations are:
UNIX:
/opt/InstallationManager

Windows:
C:\Program Files\InstallationManager

UNIX:
/eclipse/tools/imcl -c

Select "P" preferences.
Select "3" Files for rollback.

Windows:
\eclipse\tools\imcl.exe -c

Select "P" preferences.
Select "3" Files for rollback.

If "Save files for rollback" is checked, this is a finding.

Fix Text (F-88183r1_fix)
Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder. Default locations are: UNIX: /opt/InstallationManager Windows: C:\Program Files\InstallationManager UNIX: /eclipse/tools/imcl -c Select "P" preferences. Select "3" Files for rollback. Enter "1" to deselect. Enter "A" for apply. Enter "R" to return to Main Menu. Windows: \eclipse\tools\imcl.exe -c Select "P" preferences. Select "3" Files for rollback. Enter "1" to deselect. Enter "A" for apply. Enter "R" to return to Main Menu.

Fix Text (F-88183r1_fix)

Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder.

Default locations are:
UNIX:
/opt/InstallationManager

Windows:
C:\Program Files\InstallationManager

UNIX:
/eclipse/tools/imcl -c

Select "P" preferences.
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.

Windows:
\eclipse\tools\imcl.exe -c

Select "P" preferences.
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.