Skip to content
Log In

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The WebSphere Application Server wsadmin file must be protected from unauthorized modification.

    Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may pr...
    Rule Medium Severity
    Show

  • SRG-APP-000123-AS-000083

    Group
    Show

  • The WebSphere Application Server wsadmin file must be protected from unauthorized deletion.

    Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may pr...
    Rule Medium Severity
    Show

  • SRG-APP-000126-AS-000085

    Group
    Show

  • The WebSphere Application Server must be configured to encrypt log information.

    Protection of log records is of critical importance. Encrypting log records provides a level of protection that does not rely on host-based protections that can be accidentally misconfigured, such ...
    Rule Medium Severity
    Show

  • SRG-APP-000126-AS-000085

    Group
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • The WebSphere Application Server files must be owned by the non-root WebSphere user ID.

    Having files owned by the root or administrator user is an indication that the WebSphere processes are being run with escalated privileges. Running as root/admin user gives attackers elevated privi...
    Rule Medium Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • The WebSphere Application Server sample applications must be removed.

    WebSphere samples are not intended for use in a production environment. Do not run them there, as they create significant security risks. In particular, the snoop servlet can provide an outsider wi...
    Rule Low Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • The WebSphere Application Server must be run as a non-admin user.

    Running WebSphere as an admin user gives attackers immediate admin privileges in the event the WebSphere processes are compromised. Best practice is to operate the WebSphere server with an accoun...
    Rule Medium Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • SRG-APP-000427-AS-000264

    Group
    Show

  • SRG-APP-000142-AS-000014

    Group
    Show

  • The WebSphere Application Server must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments.

    Some networking protocols may not meet organizational security requirements to protect data and components. Application servers natively host a number of various features, such as management inter...
    Rule Medium Severity
    Show

  • SRG-APP-000148-AS-000101

    Group
    Show

  • The WebSphere Application Server LDAP user registry must be used.

    To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules