Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62339 | JBOS-AS-000715 | SV-76829r1_rule | Medium |
Description |
---|
Concurrent logons from different systems could possibly indicate a compromised account. When concurrent logons are made from different workstations to the management interface, a log record needs to be generated. This configuration setting provides forensic evidence that allows the system administrator to investigate access to the system and determine if the duplicate access was authorized or not. JBoss provides a multitude of different log formats, and API calls that log access to the system. If the default format and location is not used, the system admin must provide the configuration documentation and settings that show that this requirement is being met. |
STIG | Date |
---|---|
JBoss EAP 6.3 Security Technical Implementation Guide | 2015-11-09 |
Check Text ( C-63143r1_chk ) |
---|
Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. Run the command: For a Managed Domain configuration: "ls host=master/server/ For a Standalone configuration: "ls /core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" If "enabled" = false, this is a finding. |
Fix Text (F-68259r1_fix) |
---|
Launch the jboss-cli management interface. Connect to the server by typing "connect", authenticate as a user in the Superuser role, and run the following command: For a Managed Domain configuration: "host=master/server/ For a Standalone configuration: "/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" |