STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

The WLST_PROPERTIES environment variable defined for the OHS WebLogic Scripting Tool must be updated to reference an appropriate trust store so that it can communicate with the Node Manager supporting OHS.

DISA Rule

SV-79107r1_rule

Vulnerability Number

V-64617

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000189

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

1. Open $ORACLE_HOME/ohs/common/bin/setWlstEnv.sh. with an editor. If the file does not exist, create the file.

2. Set "WLST_PROPERTIES" environment variable to a valid trust keystore containing the Certificate Authority and Chain of Node Manager identity, add the property if it does not exist.

3. Issue a "chmod 750 $ORACLE_HOME/ohs/common/bin/setWlstEnv.sh' to modify the permissions of the script.

Check Contents

1. Check for the existence of $ORACLE_HOME/ohs/common/bin/setWlstEnv.sh.

2a. If the setWlstEnv.sh does not exist or does not contain the "WLST_PROPERTIES" environment variable set to a valid trust keystore containing the Certificate Authority and Chain of the Node Manager identity, this is a finding.
2b. If the setWlstenv.sh file does not exist, this is a finding.
2c. If the setWlstenv.sh file has permissions more permissive than 750, this is a finding.

The WLST_PROPERTIES environment variable defined for the OHS WebLogic Scripting Tool must be updated to reference an appropriate trust store so that it can communicate with the Node Manager supporting OHS.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments