JBOS-AS-000720 - JBoss must be configured to generate log records for all account creations, modifications, disabling, and termination events.

Information

The maintenance of user accounts is a key activity within the system to determine access and privileges. Through changes to accounts, an attacker can create an account for persistent access, modify an account to elevate privileges, or terminate/disable an account(s) to cause a DoS for user(s). To be able to track and investigate these actions, log records must be generated for any account modification functions.

Application servers either provide a local user store, or they can integrate with enterprise user stores like LDAP. As such, the application server must be able to generate log records on account creation, modification, disabling, and termination.

Solution

Launch the jboss-cli management interface.
Connect to the server by typing 'connect', authenticate as a user in the Superuser role, and run the following command:

For a Managed Domain configuration:
'host=master/server/<SERVERNAME>/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)'

For a Standalone configuration:
'/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)'

Item Details

Audit Name: DISA JBoss Enterprise Application Platform 6.3 STIG v2r6

Category: AUDIT AND ACCOUNTABILITY

Plugin: Unix

Control ID: 7668b161ffbe8c1faee5881950d963fc64c0d5635e0f1ab63b4c89b6b57f8844

Detections

Analytics

JBOS-AS-000720 - JBoss must be configured to generate log records for all account creations, modifications, disabling, and termination events.

Information

Solution

See Also

Item Details