JBoss must be configured to initiate session logging upon startup.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-213505 | SRG-APP-000092-AS-000053 | JBOS-AS-000095 | SV-213505r960888_rule | 2025-02-20 | 2 |
| Description |
|---|
| Session logging activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations. |
| ℹ️ Check |
|---|
| Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder. Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. Run the command: For a Managed Domain configuration: "ls host=master/server=<SERVERNAME>/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" For a Standalone configuration: "ls /core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" If "enabled" = false, this is a finding. |
| ✔️ Fix |
|---|
| Launch the jboss-cli management interface. Connect to the server by typing "connect", authenticate as a user in the Superuser role and run the following command: For a Managed Domain configuration: "host=master/server/<SERVERNAME>/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" For a Standalone configuration: "/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)" |