The WebSphere Liberty Server must generate log records for authentication and authorization events.

An XCCDF Rule

Description

Enabling authentication (SECURITY_AUTHN) and authorization (SECURITY_AUTHZ) event handlers configures the server to record security authorization and authentication events. By logging these events, the logs can be analyzed to identify activity that could be related to security events and to aid post mortem forensic analysis. Satisfies: SRG-APP-000499-AS-000224, SRG-APP-000495-AS-000220, SRG-APP-000503-AS-000228, SRG-APP-000504-AS-000229, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000509-AS-000234, SRG-APP-000092-AS-000053

ID: SV-250350r961812_rule
Version: IBMW-LS-001190
Severity: Medium
References: CCI-000172 CCI-001464
Updated: 26 days ago

Remediation Templates

Modify the ${server.config.dir}/server.xml file and configure the audit-1.0 feature.

<featureManager>
<feature>audit-1.0</feature>
</featureManager>
Configure the auditFileHandler setting to record SECURITY_AUTHN and SECURITY_AUTHZ events. 

<auditFileHandler>
      <events name="AllAuthn" eventName="SECURITY_AUTHN"/>
<events name="AllAuthz" eventName="SECURITY_AUTHZ" />
    </auditFileHandler>    

Review audit logs located under the ${server.config.dir}/logs directory and ensure AUTHN and AUTHZ events are logged.

The WebSphere Liberty Server must generate log records for authentication and authorization events.

Description

Remediation Templates

A Manual Procedure