Details

Logging must be utilized in order to track system activity, assist in diagnosing system issues, and provide evidence needed for forensic investigations post security incident.

Remote access by administrators requires that the admin activity be logged.

Application servers provide a web and command line-based remote management capability for managing the application server. Application servers must ensure that all actions related to administrative functionality such as application server configuration are logged.

Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000343-AS-000030, SRG-APP-000089-AS-000050, SRG-APP-000495-AS-000220, SRG-APP-000499-AS-000224, SRG-APP-000503-AS-000228, SRG-APP-000504-AS-000229, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000093-AS-000054, SRG-APP-000095-AS-000056, SRG-APP-000097-AS-000060, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062, SRG-APP-000100-AS-000063, SRG-APP-000101-AS-000072, SRG-APP-000381-AS-000089, SRG-APP-000080-AS-000045

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

In the administrative console, navigate to Security >> Security auditing >> Event type Filters.

Click the ‘New’ button to create a new filter; give it a unique name.

Select SECURITY_AUTHN, SECURITY_AUTHZ, SECURITY_AUTHN_TERMINATE, and ADMIN_REPOSITORY_SAVE from ‘Selectable events’.

Add them to the ‘Enabled events’ box by clicking on the right arrow.

Select INFO, ERROR, SUCCESS, DENIED, REDIRECT, and WARNING from the ‘Selectable event outcomes’ box.

Click the right arrow to fill in ‘Enabled events outcomes’ box.

Click ‘OK’.

Restart the DMGR and all the JVMs.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Audit and Accountability, Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|AC-6(9)
• 800-53|AC-17(1)
• 800-53|AU-3
• 800-53|AU-3(1)
• 800-53|AU-12a.
• 800-53|AU-12c.
• 800-53|AU-14(2)
• 800-53|CM-5(1)
• CAT|II
• CCI|CCI-000067
• CCI|CCI-000130
• CCI|CCI-000132
• CCI|CCI-000133
• CCI|CCI-000134
• CCI|CCI-000135
• CCI|CCI-000169
• CCI|CCI-000172
• CCI|CCI-001462
• CCI|CCI-001487
• CCI|CCI-001814
• CCI|CCI-002234
• Rule-ID|SV-95923r1_rule
• STIG-ID|WBSP-AS-000100
• Vuln-ID|V-81209

Source

• Tenable.com/audits