
JBOS-AS-000120 – JBoss must be configured to produce log records that establish which hosted application triggered the events.

Details

Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined.

By default, no web logging is enabled in JBoss. Logging can be configured per web application or by virtual server. If web application logging is not set up, application activity will not be logged.

Ascertaining the correct location or process within the application server where the events occurred is important during forensic analysis. To determine where an event occurred, the log data must include the application identity.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the log formatter to audit application activity so that individual application activity can be identified.
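Because no web logging is enabled by default, a configuration review has to confirm that every virtual server defines an access log and that its pattern ties each record to an application. The script below is an added example, not part of the STIG or of JBoss tooling. It assumes the EAP 6 web subsystem layout (`virtual-server` / `access-log` elements), uses a constructed configuration sample, and treats the request line (`%r`) or URL path (`%U`) as the application identifier.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a standalone.xml fragment (namespace versions illustrative).
SAMPLE = """<server xmlns="urn:jboss:domain:1.6">
  <profile>
    <subsystem xmlns="urn:jboss:domain:web:2.1" default-virtual-server="default-host">
      <virtual-server name="default-host">
        <access-log pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="access_log."/>
      </virtual-server>
      <virtual-server name="admin-host">
        <access-log pattern="%h %t %s %b"/>
      </virtual-server>
      <virtual-server name="legacy-host"/>
    </subsystem>
  </profile>
</server>"""

# Assumption: the request line (%r) or URL path (%U) carries the context root,
# which is what ties a record to a hosted application. The named patterns
# "common" and "combined" both expand to a format containing %r.
APP_TOKENS = ("%r", "%U")
NAMED_OK = ("common", "combined")

def local(tag):
    """Strip the XML namespace so any web subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit_access_logs(xml_text):
    """Return {virtual-server name: finding} for every virtual server."""
    findings = {}
    root = ET.fromstring(xml_text)
    for vs in (e for e in root.iter() if local(e.tag) == "virtual-server"):
        name = vs.get("name", "<unnamed>")
        log = next((c for c in vs if local(c.tag) == "access-log"), None)
        if log is None:
            findings[name] = "FAIL: no access-log configured"
            continue
        pattern = log.get("pattern", "common")  # assumed default when omitted
        if pattern in NAMED_OK or any(t in pattern for t in APP_TOKENS):
            findings[name] = "PASS"
        else:
            findings[name] = "FAIL: pattern lacks request path (%r or %U)"
    return findings

if __name__ == "__main__":
    for server, result in audit_access_logs(SAMPLE).items():
        print(f"{server}: {result}")
```

To review a real server, pass the contents of its configuration file to `audit_access_logs` in place of the constructed sample.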

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Unix.


Updated on July 16, 2022