UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

JBoss must be configured to produce log records that establish which hosted application triggered the events.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62243 JBOS-AS-000120 SV-76733r1_rule Medium
Description
Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. By default, no web logging is enabled in JBoss. Logging can be configured per web application or by virtual server. If web application logging is not set up, application activity will not be logged. Ascertaining the correct location or process within the application server where the events occurred is important during forensic analysis. To determine where an event occurred, the log data must contain data containing the application identity.
STIG Date
JBoss EAP 6.3 Security Technical Implementation Guide 2015-11-09

Details

Check Text ( C-63047r1_chk )
Application logs are a configurable variable. Interview the system admin, and have them identify the applications that are running on the application server. Have the system admin identify the log files/location where application activity is stored.

Review the log files to ensure each application is uniquely identified within the logs or each application has its own unique log file.

Generate application activity by either authenticating to the application or generating an auditable event, and ensure the application activity is recorded in the log file. Recently time stamped application events are suitable evidence of compliance.

If the log records do not indicate which application hosted on the application server generated the event, or if no events are recorded related to application activity, this is a finding.
Fix Text (F-68163r1_fix)
Configure log formatter to audit application activity so individual application activity can be identified.