Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-213505 | JBOS-AS-000095 | SV-213505r955990_rule | Medium |
Description |
---|
Session logging activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations. |
STIG | Date |
---|---|
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide | 2024-02-26 |
Check Text ( C-14728r955989_chk ) |
---|
Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. Run the command: For a Managed Domain configuration: "ls host=master/server= For a Standalone configuration: "ls /core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" If "enabled" = false, this is a finding. |
Fix Text (F-14726r296182_fix) |
---|
Launch the jboss-cli management interface. Connect to the server by typing "connect", authenticate as a user in the Superuser role and run the following command: For a Managed Domain configuration: "host=master/server/ For a Standalone configuration: "/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" |