Skip to content
Catalogs
XCCDF
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
SRG-APP-000506-AS-000231
JBoss must be configured to generate log records when concurrent logons from different workstations occur to the application server management interface.
JBoss must be configured to generate log records when concurrent logons from different workstations occur to the application server management interface. An XCCDF Rule
JBoss must be configured to generate log records when concurrent logons from different workstations occur to the application server management interface.
Medium Severity
<VulnDiscussion>Concurrent logons from different systems could possibly indicate a compromised account. When concurrent logons are made from different workstations to the management interface, a log record needs to be generated. This configuration setting provides forensic evidence that allows the system administrator to investigate access to the system and determine if the duplicate access was authorized or not.
JBoss provides a multitude of different log formats, and API calls that log access to the system. If the default format and location is not used, the system admin must provide the configuration documentation and settings that show that this requirement is being met.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>