The WebSphere Liberty Server must log remote session and security activity.

An XCCDF Rule

Description

Security auditing must be configured in order to log remote session activity. Security auditing will not be performed unless the audit feature (audit-1.0) has been enabled. The security feature (appSecurity-2.0) must be enabled for the security auditing to capture security transactions. Remote session activity will then be logged, regardless of the user attempting that activity.

Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000096-AS-000059, SRG-APP-000097-AS-000060, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062, SRG-APP-000100-AS-000063, SRG-APP-000101-AS-000072, SRG-APP-000266-AS-000168, SRG-APP-000343-AS-000030, SRG-APP-000172-AS-000121

ID
SV-250325r1015250_rule
Version
IBMW-LS-000040
Severity
Medium
Updated

Remediation Templates

A Manual Procedure

To log remote access events, the featureManager element in ${server.config.dir}/server.xml must contain the audit-1.0 and appSecurity-2.0 features:

<featureManager>
    <feature>audit-1.0</feature>
    <feature>appSecurity-2.0</feature>
</featureManager>
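
A check for this setting, as an added example that is not part of the STIG text or of IBM's tooling: it parses server.xml and reports which of the two required features are missing, so a commented-out feature line is not mistaken for an enabled one. The function names and the sample configuration are constructed for illustration, and case-insensitive matching of feature names is an assumption.

```python
import sys
import xml.etree.ElementTree as ET

# Feature names required by this rule (taken from the page).
REQUIRED_FEATURES = ("audit-1.0", "appSecurity-2.0")

def enabled_features(server_xml_text):
    """Return the lower-cased feature names declared in any
    <featureManager> element of the given server.xml content."""
    root = ET.fromstring(server_xml_text)
    found = set()
    # iter() also covers a config that has several <featureManager> blocks.
    for manager in root.iter("featureManager"):
        for feature in manager.findall("feature"):
            name = (feature.text or "").strip()
            if name:
                # Assumption: feature names are compared case-insensitively.
                found.add(name.lower())
    return found

def missing_features(server_xml_text, required=REQUIRED_FEATURES):
    """Return the required features absent from the config, in listed order."""
    present = enabled_features(server_xml_text)
    return [f for f in required if f.lower() not in present]

# Constructed sample: audit is enabled, appSecurity is only present in a
# comment, which a plain text search would wrongly count as enabled.
SAMPLE_NONCOMPLIANT = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature> audit-1.0 </feature>
    <!-- <feature>appSecurity-2.0</feature> -->
  </featureManager>
</server>"""

if __name__ == "__main__":
    # Usage: python check_features.py /path/to/server.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_NONCOMPLIANT
    missing = missing_features(text)
    if missing:
        print("FINDING: missing feature(s): " + ", ".join(missing))
        sys.exit(1)
    print("OK: audit-1.0 and appSecurity-2.0 are enabled")
```

The check reads only the file it is given; features declared in files pulled in through include elements or the configDropins directory have to be checked separately.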