Information
Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, the sequence of events cannot be correctly reconstructed.
By default, no web logging is enabled in JBoss. Logging can be configured per web application or by virtual server. If web application logging is not set up, application activity will not be logged.
Ascertaining the correct location or process within the application server where the events occurred is important during forensic analysis. To determine where an event occurred, the log data must include the identity of the application.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the log formatter to audit application activity so that the activity of each individual application can be identified.