STIGQter STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server local file-based user registry must not be used.

DISA Rule

SV-96019r1_rule

Vulnerability Number

V-81305

Group Title

SRG-APP-000148-AS-000101

Rule Version

WBSP-AS-001020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to Security >> Global Security.

Under "User Account Repository", select "Stand alone LDAP" from the "Available realm definitions" drop-down.

Click on "Configure".

Select an existing user from the LDAP directory to be the primary WebSphere admin user.

Identify the type of LDAP server; specify an IP or DNS name for the LDAP Server, and the port used to connect to the LDAP server.

Specify BASE DN.

Specify the BIND DN.

Specify the BIND Password.

Select the "SSL enabled" check box to use secure LDAP.

Click "Apply".

Click "Save".

Go to Global Security.

Select "Standalone LDAP registry" from the "Available realm definitions" drop-down.

Click "Set as current".

Click "Apply".

Click "Save".

Restart the dmgr and synchronize the JVMs.

Check Contents

Navigate to Security >> Global Security.

Under "User Account Repository" if the "Federated Repositories" is chosen, click on "Configure".

Under "Repositories in the realm", if "o=defaultWIMFileBasedRealm" appears in the "Base Entry" column, this is a finding.

Vulnerability Number

V-81305

Documentable

False

Rule Version

WBSP-AS-001020

Severity Override Guidance

Navigate to Security >> Global Security.

Under "User Account Repository" if the "Federated Repositories" is chosen, click on "Configure".

Under "Repositories in the realm", if "o=defaultWIMFileBasedRealm" appears in the "Base Entry" column, this is a finding.

Check Content Reference

M

Target Key

3399

Comments