STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018

The WebSphere Application Server audit event type filters must be configured.

DISA Rule

SV-95923r1_rule

Vulnerability Number

V-81209

Group Title

SRG-APP-000016-AS-000013

Rule Version

WBSP-AS-000100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In the administrative console, navigate to Security >> Security auditing >> Event type Filters.

Click the "New" button to create a new filter; give it a unique name.

Select SECURITY_AUTHN, SECURITY_AUTHZ, SECURITY_AUTHN_TERMINATE, and ADMIN_REPOSITORY_SAVE from "Selectable events".

Add them to the "Enabled events" box by clicking on the right arrow.

Select INFO, ERROR, SUCCESS, DENIED, REDIRECT, and WARNING from the "Selectable event outcomes" box.

Click the right arrow to fill in the "Enabled events outcomes" box.

Click "OK".

Restart the DMGR and all the JVMs.

Check Contents

In the administrative console, navigate to Security >> Security auditing >> Event type Filters.

Verify the following events and outcomes are enabled in the "Events and Outcomes" box. Also note the name of the filter associated with these events. This name will be referenced in STIG ID WBSP-AS-000110.

AUTHN:
SUCCESS,INFO,WARNING,ERROR,DENIED,REDIRECT

AUTHZ:
SUCCESS,INFO,WARNING,ERROR,DENIED,REDIRECT

AUTHN_TERMINATE:
SUCCESS,INFO,WARNING,ERROR,DENIED,REDIRECT

REPOSITORY_SAVE:
SUCCESS,INFO,WARNING,ERROR,DENIED,REDIRECT

If these audit filters are not configured in "Events and Outcomes", this is a finding.
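The check above can be scripted once a filter's "Events and Outcomes" text has been copied out of the console. The following is an added example, not part of the STIG or of IBM's tooling; it assumes the copied text uses the "EVENT:" plus comma-separated outcomes layout shown above, and the function names and sample input are constructed for illustration.

```python
import re

# Required matrix, taken from the Check Contents of WBSP-AS-000100.
REQUIRED_EVENTS = ("AUTHN", "AUTHZ", "AUTHN_TERMINATE", "REPOSITORY_SAVE")
REQUIRED_OUTCOMES = frozenset(
    {"SUCCESS", "INFO", "WARNING", "ERROR", "DENIED", "REDIRECT"})

def normalize_event(name):
    """Map the Fix text's SECURITY_AUTHN / ADMIN_REPOSITORY_SAVE to the
    Check text's AUTHN / REPOSITORY_SAVE so both spellings compare equal."""
    return re.sub(r"^(SECURITY|ADMIN)_", "", name.strip().upper())

def parse_events_and_outcomes(text):
    """Parse 'EVENT:' with outcomes on the same line or on following lines."""
    enabled, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if ":" in line:
            name, _, line = line.partition(":")
            current = normalize_event(name)
            enabled.setdefault(current, set())
        if current is not None:
            enabled[current].update(
                o.strip().upper() for o in line.split(",") if o.strip())
    return enabled

def findings(text):
    """Return {event: [missing outcomes]}; an empty dict means no finding."""
    enabled = parse_events_and_outcomes(text)
    gaps = {}
    for event in REQUIRED_EVENTS:
        missing = REQUIRED_OUTCOMES - enabled.get(event, set())
        if missing:
            gaps[event] = sorted(missing)
    return gaps

# Constructed sample: AUTHZ lacks REDIRECT and REPOSITORY_SAVE is absent.
SAMPLE = """\
SECURITY_AUTHN: SUCCESS,INFO,WARNING,ERROR,DENIED,REDIRECT
SECURITY_AUTHZ:
SUCCESS,INFO,WARNING,ERROR,DENIED
AUTHN_TERMINATE:
SUCCESS,INFO,WARNING,ERROR,DENIED,REDIRECT
"""

if __name__ == "__main__":
    for event, missing in findings(SAMPLE).items():
        print("FINDING %s missing outcomes: %s" % (event, ",".join(missing)))
```

An event that is absent from the filter is reported with all six outcomes missing, so a partially configured filter and an unconfigured one are both flagged.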

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3399

Comments