STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements.

DISA Rule

SV-95953r1_rule

Vulnerability Number

V-81239

Group Title

SRG-APP-000357-AS-000038

Rule Version

WBSP-AS-000580

Severity

CAT II

CCI(s)

• CCI-001849 - The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements.

Weight

10

Fix Recommendation

Identify JVM log size and history retention based on component log policy.

Document those values in the System Security Plan.

From the administrative console, navigate to Troubleshooting >> Logs and Trace.

Select each [server name].

Click "JVM" Logs.

Under "System.out", "Log Rotation", select "File size" in the "Maximum Size" entry field, enter the maximum log size based on policy.

Under "System.err", "Log Rotation", select "File Size" in the "Maximum Size" entry field, enter the maximum log size based on policy.

Click "OK".

Click "Save".

Check Contents

Review System Security Plan documentation.

Identify the JVM log size and rotation settings based on component log policy.

From the administrative console, navigate to Troubleshooting >> Logs and Trace.

Choose [server name].

Click on the server name to select it.

Click "JVM" Logs.

For "System.out" verify "File Size" is selected and "Maximum size" and "Maximum Historical Log Files" are set according to the System Security Plan.

For "System.err" verify "File Size" is selected and "Maximum size" and "Maximum Historical Log Files" are set according to the System Security Plan.

If log size and log history retention settings for "System.err" and "System.out" are not set as per the System Security Plan, this is a finding.

Vulnerability Number

V-81239

Documentable

False

Rule Version

WBSP-AS-000580

Severity Override Guidance

Review System Security Plan documentation.

Identify the JVM log size and rotation settings based on component log policy.

From the administrative console, navigate to Troubleshooting >> Logs and Trace.

Choose [server name].

Click on the server name to select it.

Click "JVM" Logs.

For "System.out" verify "File Size" is selected and "Maximum size" and "Maximum Historical Log Files" are set according to the System Security Plan.

For "System.err" verify "File Size" is selected and "Maximum size" and "Maximum Historical Log Files" are set according to the System Security Plan.

If log size and log history retention settings for "System.err" and "System.out" are not set as per the System Security Plan, this is a finding.

Check Content Reference

M

Target Key

3399

Comments