The WebSphere Application Server must generate log records when successful/unsuccessful attempts to access subject privileges occur.
An XCCDF Rule
Description
Accessing a subject's privileges can be used to elevate a lower-privileged subject's privileges temporarily in order to cause harm to the application server or to gain privileges to operate temporarily for a designed purpose. When these actions take place, the event needs to be logged. Application servers either provide a local user store, or they integrate with enterprise user stores like LDAP. When the application server provides the user store and enforces authentication, the application server must generate a log record when modification of privileges is successfully or unsuccessfully performed.
- ID: SV-95951r1_rule
- Severity: Low
Remediation - Manual Procedure
In the administrative console, navigate to Security >> Security auditing >> Audit Service Provider.
Click on the providers in the list.
Note the names of all the filters, e.g., "DefaultAuditSpecification_1".