Detections
Analytics
IBMW-LS-001190 - The WebSphere Liberty Server must generate log records for authentication and authorization events.
Information
Enabling authentication (SECURITY_AUTHN) and authorization (SECURITY_AUTHZ) event handlers configures the server to record security authorization and authentication events. By logging these events, the logs can be analyzed to identify activity that could be related to security events and to aid post mortem forensic analysis.Satisfies: SRG-APP-000499-AS-000224, SRG-APP-000495-AS-000220, SRG-APP-000503-AS-000228, SRG-APP-000504-AS-000229, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000509-AS-000234, SRG-APP-000092-AS-000053
Solution
Modify the ${server.config.dir}/server.xml file and configure the audit-1.0 feature.<featureManager>
<feature>audit-1.0</feature>
</featureManager>
Configure the auditFileHandler setting to record SECURITY_AUTHN and SECURITY_AUTHZ events.
<auditFileHandler>
<events name="AllAuthn" eventName="SECURITY_AUTHN"/>
<events name="AllAuthz" eventName="SECURITY_AUTHZ" />
</auditFileHandler>
Review audit logs located under the ${server.config.dir}/logs directory and ensure AUTHN and AUTHZ events are logged.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_WebSphere_Liberty_Server_V2R4_STIG.zip
Item Details
Audit Name: DISA IBM WebSphere Liberty Server STIG v2r4
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-12c., 800-53|AU-14(1), CAT|II, CCI|CCI-000172, CCI|CCI-001464, Rule-ID|SV-250350r961812_rule, STIG-ID|IBMW-LS-001190, Vuln-ID|V-250350
Plugin: Unix
Control ID: e560b1912bfe8a40cd1872521b299d8c2da5548144e3847b363bfd3bb3f4c9cc