The WebSphere Liberty Server must log remote session and security activity.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-250325 | SRG-APP-000016-AS-000013 | IBMW-LS-000040 | SV-250325r1015250_rule | 2025-02-11 | 2 |
| Description |
|---|
| Security auditing must be configured in order to log remote session activity. Security auditing will not be performed unless the audit feature (audit-1.0) has been enabled. The security feature (appSecurity-2.0) must be enabled for the security auditing to capture security transactions. Remote session activity will then be logged, regardless of the user attempting that activity. Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000096-AS-000059, SRG-APP-000097-AS-000060, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062, SRG-APP-000100-AS-000063, SRG-APP-000101-AS-000072, SRG-APP-000266-AS-000168, SRG-APP-000343-AS-000030, SRG-APP-000172-AS-000121 |
| ℹ️ Check |
|---|
| Review the ${server.config.dir}/server.xml file and ensure audit-1.0 and appSecurity-2.0 are defined within the <featureManager> setting in the server.xml file. If audit-1.0 and appSecurity-2.0 are not defined within the <featureManager> setting in the server.xml file, this is a finding. EXAMPLE: <featureManager> <feature>audit-1.0</feature> <feature>appSecurity-3.0</feature> </featureManager> |
| ✔️ Fix |
|---|
| To log remote access events, the featureManager setting in the ${server.config.dir}/server.xml must contain the audit and appSecurity features. <featureManager> <feature>audit-1.0</feature> <feature>appSecurity-2.0</feature> </featureManager> |