STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server admin console session timeout must be configured.

DISA Rule

SV-95909r1_rule

Vulnerability Number

V-81195

Group Title

SRG-APP-000295-AS-000263

Rule Version

WBSP-AS-000020

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Locate the deployment.xml file. The default file locations where deployment.xml is installed are provided below.

UNIX:
/opt/IBM/WebSphere/Profiles/DefaultDmgr01/config/cells/<CELL NAME>/applications/isclite.ear/deployments/isclite/

Windows:
C:\Program Files\IBM\WebSphere\Profiles\DefaultDmgr01\config\cells\<CELL NAME>\applications\isclite.ear\deployments\isclite\

Make a backup copy of the deployment.xml file.

Edit the deployment.xml file.

Modify the "invalidationtimeout=" value and set to "10".

Restart the DMGR and all the JVMs.

Check Contents

Review System Security Plan and system configuration documentation.

Access the Deployment Manager (DMGR) operating system.

Locate the deployment.xml file. The default file location where deployment.xml is installed are provided below.

UNIX:
/opt/IBM/WebSphere/Profiles/DefaultDmgr01/config/cells/<CELL NAME>/applications/isclite.ear/deployments/isclite/

Windows:
C:\Program Files\IBM\WebSphere\Profiles\DefaultDmgr01\config\cells\<CELL NAME>\applications\isclite.ear\deployments\isclite\

Search the deployment.xml file for the string, "invalidationtimeout="

UNIX:
grep -i invalidationtimeout $PATH/deployment.xml

Windows:
findstr -I invalidationtimeout= $PATH\deployment.xml

The value is expressed in minutes and the default value is set to "30 minutes".

If "invalidationtimeout" is not set to "10 minutes", this is a finding.

Vulnerability Number

V-81195

Documentable

False

Rule Version

WBSP-AS-000020

Severity Override Guidance

Review System Security Plan and system configuration documentation.

Access the Deployment Manager (DMGR) operating system.

Locate the deployment.xml file. The default file location where deployment.xml is installed are provided below.

UNIX:
/opt/IBM/WebSphere/Profiles/DefaultDmgr01/config/cells/<CELL NAME>/applications/isclite.ear/deployments/isclite/

Windows:
C:\Program Files\IBM\WebSphere\Profiles\DefaultDmgr01\config\cells\<CELL NAME>\applications\isclite.ear\deployments\isclite\

Search the deployment.xml file for the string, "invalidationtimeout="

UNIX:
grep -i invalidationtimeout $PATH/deployment.xml

Windows:
findstr -I invalidationtimeout= $PATH\deployment.xml

The value is expressed in minutes and the default value is set to "30 minutes".

If "invalidationtimeout" is not set to "10 minutes", this is a finding.

Check Content Reference

M

Target Key

3399

Comments