
JBoss servers must be configured to roll over and transfer logs on a minimum weekly basis.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-62345 | JBOS-AS-000735 | SV-76835r1_rule | | Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task but can be configured to be run manually, if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity.
STIG | Date
JBoss EAP 6.3 Security Technical Implementation Guide | 2020-06-12

Details

Check Text (C-63149r1_chk)
If the JBoss server is configured to use a Syslog Handler, this is not a finding.

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the /bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.

Determine if there is a periodic rotating file handler.

For a domain configuration run the following command; where is a variable for all of the servers in the domain. Usually "server-one", "server-two", etc.:

"ls /host=master/server=/subsystem=logging/periodic-rotating-file-handler="

For a standalone configuration run the command:
"ls /subsystem=logging/periodic-rotating-file-handler="

If the command does not return "FILE", this is a finding.

Review the /standalone/log folder for the existence of rotated logs, and ask the admin to demonstrate how rotated logs are packaged and transferred to another system on at least a weekly basis.
Fix Text (F-68265r1_fix)
Open the web-based management interface by opening a browser and pointing it to HTTPS://:9990/

Authenticate as a user with Admin rights.
Navigate to the "Configuration" tab.
Expand + Subsystems.
Expand + Core.
Select "Logging".
Select the "Handler" tab.
Select "Periodic".

If a periodic file handler does not exist, refer to the JBoss admin guide for instructions on how to create a file handler that will rotate logs on a daily basis.
Create scripts that package and off-load log data at least weekly.
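
The last step of the Fix Text, a script that packages and off-loads log data at least weekly, could look like the following. This is an added example, not part of the STIG or the JBoss documentation. It assumes rotated files are named server.log.YYYY-MM-DD (handler suffix ".yyyy-MM-dd") and that tar with gzip support, sha256sum and scp are installed; the staging directory, cron paths and destination host are placeholders.

```shell
#!/bin/sh
# Added example (not from the STIG): package rotated JBoss logs and off-load them.
# Assumes rotated files are named server.log.YYYY-MM-DD (handler suffix
# ".yyyy-MM-dd") and that tar (with gzip), sha256sum and scp are installed.

# package_rotated_logs LOG_DIR OUT_DIR
# Archives the rotated logs in LOG_DIR, writes a SHA-256 manifest beside the
# archive and prints the archive path. Returns 1 when nothing has been rotated,
# which is worth alerting on: the periodic handler may be missing.
package_rotated_logs() {
    log_dir=$1
    mkdir -p "$2" && out_dir=$(cd "$2" && pwd) || return 1
    name="jboss-logs-$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    (
        cd "$log_dir" || exit 1
        # Date-suffixed files only; the live server.log is still being written.
        set -- server.log.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]
        [ -f "$1" ] || { echo "no rotated logs in $log_dir" >&2; exit 1; }
        tar -czf "$out_dir/$name" "$@"
    ) || return 1
    ( cd "$out_dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    printf '%s\n' "$out_dir/$name"
}

# offload_archive ARCHIVE DEST
# Copies the archive and its manifest to DEST (an scp target) without prompting.
offload_archive() {
    scp -q -o BatchMode=yes "$1" "$1.sha256" "$2"
}

# purge_packaged LOG_DIR ARCHIVE
# Deletes from LOG_DIR only the files that are listed in ARCHIVE.
purge_packaged() {
    tar -tzf "$2" | while IFS= read -r f; do rm -f -- "$1/$f"; done
}

# Weekly cron entry (script path, log path and host are placeholders):
#   0 2 * * 0 /usr/local/sbin/jboss-log-offload.sh /path/to/standalone/log loguser@loghost.example:/srv/jboss-logs/
# Local copies are purged only after the transfer succeeds.
if [ "$#" -eq 2 ]; then
    archive=$(package_rotated_logs "$1" /var/tmp/jboss-offload) &&
        offload_archive "$archive" "$2" &&
        purge_packaged "$1" "$archive"
fi
```

On the receiving system, running `sha256sum -c` against the transferred manifest confirms the archive arrived unaltered.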