UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Oracle WebLogic must use internal system clocks to generate time stamps for audit records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-56257 WBLC-02-000093 SV-70511r1_rule Low
Description
Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the application server. If an event has been triggered on the network, and the application server is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via time stamps, is critical when conducting forensic analysis and investigating system events. Application servers must utilize the internal system clock when generating time stamps and audit records.
STIG Date
Oracle WebLogic Server 12c Security Technical Implementation Guide 2016-02-03

Details

Check Text ( C-56809r4_chk )
1. Access EM
2. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Security' -> 'Security Provider Configuration'
3. Beneath 'Audit Service' section, click 'Configure' button
4. Ensure the 'Timezone Settings' radio button is set to 'UTC' so audit logs will be time stamped in Coordinated Universal Time regardless of the time zone of the underlying physical or virtual machine
5. The time stamp will be recorded according to the operating system's set time

If the 'Timezone Settings' radio button is not set to 'UTC', this is a finding.
Fix Text (F-61137r4_fix)
1. Access EM
2. Select the domain from the navigation tree, and use the dropdown to select 'WebLogic Domain' -> 'Security' -> 'Security Provider Configuration'
3. Beneath 'Audit Service' section, click 'Configure' button
4. Set the 'Timezone Settings' radio button to 'UTC' so audit logs will be time stamped in Coordinated Universal Time regardless of the time zone of the underlying physical or virtual machine
5. The time stamp will be recorded according to the operating system's set time
6. Click 'Apply' and restart the servers in the WebLogic domain