JBoss must be configured to allow only the ISSM (or individuals or roles appointed by the ISSM) to select which loggable events are to be logged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62233 | JBOS-AS-000085 | SV-76723r1_rule | Medium |
| Description |
|---|
| The JBoss server must be configured to select which personnel are assigned the role of selecting which loggable events are to be logged. In JBoss, the role designated for selecting auditable events is the "Auditor" role. The personnel or roles that can select loggable events are only the ISSM (or individuals or roles appointed by the ISSM). |
| STIG | Date |
|---|---|
| JBoss EAP 6.3 Security Technical Implementation Guide | 2020-06-12 |
Details
| Check Text ( C-63037r1_chk ) |
|---|
| Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. Run the command: For a Managed Domain configuration: "ls host=master/server/ For a Standalone configuration: "ls /core-service=management/access=authorization/role-mapping=Auditor/include=" If the list of users in the Auditors group is not approved by the ISSM, this is a finding. |
| Fix Text (F-68153r1_fix) |
|---|
| Obtain documented approvals from ISSM, and assign the appropriate personnel into the "Auditor" role. |