Free DISA STIG and SRG Library | Vaulted

V-62233

JBoss must be configured to allow only the ISSM (or individuals or roles appointed by the ISSM) to select which loggable events are to be logged.

Finding ID
JBOS-AS-000085
Rule ID
SV-76723r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000090-AS-000051
CCI
CCI-000171
Target Key
(None)
Documentable
No
Discussion

The JBoss server must be configured to select which personnel are assigned the role of selecting which loggable events are to be logged. In JBoss, the role designated for selecting auditable events is the "Auditor" role. The personnel or roles that can select loggable events are only the ISSM (or individuals or roles appointed by the ISSM).

Fix Text

Obtain documented approvals from ISSM, and assign the appropriate personnel into the "Auditor" role.

Check Content

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder. Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. Run the command: For a Managed Domain configuration: "ls host=master/server/<SERVERNAME>/core-service=management/access=authorization/role-mapping=Auditor/include=" For a Standalone configuration: "ls /core-service=management/access=authorization/role-mapping=Auditor/include=" If the list of users in the Auditors group is not approved by the ISSM, this is a finding.