File permissions must be configured to protect log information from unauthorized modification.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-62253	JBOS-AS-000170	SV-76743r1_rule		Medium

Description
If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. When not configured to use a centralized logging solution like a syslog server, the JBoss EAP application server writes log data to log files that are stored on the OS; appropriate file permissions must be used to restrict modification. Log information includes all information (e.g., log records, log settings, transaction logs, and log reports) needed to successfully log information system activity. Application servers must protect log information from unauthorized modification.

Description

If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. When not configured to use a centralized logging solution like a syslog server, the JBoss EAP application server writes log data to log files that are stored on the OS; appropriate file permissions must be used to restrict modification. Log information includes all information (e.g., log records, log settings, transaction logs, and log reports) needed to successfully log information system activity. Application servers must protect log information from unauthorized modification.

STIG	Date
JBoss EAP 6.3 Security Technical Implementation Guide	2020-06-12

Details

Check Text ( C-63057r1_chk )
Examine the log file locations and inspect the file permissions. Interview the system admin to determine log file locations. The default location for the log files is: Standalone configuration: /standalone/log/ Managed Domain configuration: /domain/servers//log/ /domain/log/ Review the file permissions for the log file directories. The method used for identifying file permissions will be based upon the OS the EAP server is installed on. Identify all users with file permissions that allow them to modify log files. Request documentation from system admin that identifies the users who are authorized to modify log files. If unauthorized users are allowed to modify log files, or if documentation that identifies the users who are authorized to modify log files is missing, this is a finding.

Check Text ( C-63057r1_chk )

Examine the log file locations and inspect the file permissions. Interview the system admin to determine log file locations. The default location for the log files is:

Standalone configuration:
/standalone/log/

Managed Domain configuration:
/domain/servers//log/
/domain/log/

Review the file permissions for the log file directories. The method used for identifying file permissions will be based upon the OS the EAP server is installed on.

Identify all users with file permissions that allow them to modify log files.

Request documentation from system admin that identifies the users who are authorized to modify log files.

If unauthorized users are allowed to modify log files, or if documentation that identifies the users who are authorized to modify log files is missing, this is a finding.

Fix Text (F-68173r1_fix)
Configure the OS file permissions on the application server to protect log information from unauthorized modification.