SV-95983r1_rule
V-81269
SRG-APP-000141-AS-000095
WBSP-AS-000910
CAT II
10
When starting WebSphere commands such as wsadmin, stopManager, stopNode, stopServer, or syncNode, do not use the "-password <password>" option.
Use the interactive mode instead; you will be prompted for user id and password.
For scripts, you may configure the user id and password in the "connector properties" files. These files are under the "Profile_Root/Properties" folder.
- soap.client.props: for the default SOAP connector
- sas.client.props: for RMI and JSR160RMI connectors
- ipc.client.props: for the IPC connector
Review System Security Plan documentation.
Interview the system administrator.
Access the operating system to list the commands currently running.
For UNIX, run: ps -ef | grep -i wsadmin.sh
For Windows, from a DOS prompt as an admin user, run: WMIC path win32_process where "caption='wsadmin.exe'" get CommandLine
If the results show "wsadmin.sh(exe) -user <username> -password <password>", this is a finding.
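The UNIX check above as a repeatable filter (an added example, not part of the STIG text): it reads "ps -ef" output, skips the grep process that the manual check would otherwise match, also covers the other commands named in the fix text, and reports the PID without echoing the password. The function names, sample process lines, paths and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WebSphere admin commands started with "-password <value>".
# Input: "ps -ef"-style lines on stdin. Output: "PID COMMAND -password <redacted>".

find_password_args() {
  awk '
    # Return the last path component of p (the script name).
    function base(p,   n, parts) { n = split(p, parts, "/"); return parts[n] }
    {
      cmd = ""; flagged = 0
      # Field 2 is the PID; scan the remaining fields for the command name.
      for (i = 3; i <= NF; i++) {
        b = tolower(base($i))
        if (cmd == "") {
          if (b == "grep") break   # the check itself, not a WebSphere command
          if (b ~ /^(wsadmin|stopmanager|stopnode|stopserver|syncnode)\.sh$/)
            cmd = base($i)
        } else if (b == "-password" && i < NF) {
          flagged = 1              # option is followed by a value on the command line
          break
        }
      }
      # Never print the value itself; the PID is enough to locate the process.
      if (flagged) print $2, cmd, "-password <redacted>"
    }'
}

# Constructed sample of "ps -ef" output (not captured from a real system).
sample_ps_output() {
  cat <<'EOF'
was   4120    1  0 10:02 ?     00:00:07 /bin/sh /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -user wasadmin -password Example123 -f deploy.py
was   4188    1  0 10:05 ?     00:00:01 /bin/sh /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -f deploy.py
root  4203 3990  0 10:06 pts/0 00:00:00 grep -i wsadmin.sh
was   4250    1  0 10:07 ?     00:00:00 /bin/sh /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopServer.sh server1 -username wasadmin -password Example123
EOF
}

# Demonstration on the sample; on a live host use: ps -ef | find_password_args
sample_ps_output | find_password_args
```

Any line printed is a finding under this rule; an empty result means no matching command was running at the moment of the check.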
False
M
3399