Skip to content

The WebSphere Application Server must generate log records when successful/unsuccessful attempts to access subject privileges occur.

An XCCDF Rule

Description

<VulnDiscussion>Accessing a subject's privileges can be used to elevate a lower-privileged subject's privileges temporarily in order to cause harm to the application server or to gain privileges to operate temporarily for a designed purpose. When these actions take place, the event needs to be logged. Application servers either provide a local user store, or they integrate with enterprise user stores like LDAP. When the application server provides the user store and enforces authentication, the application server must generate a log record when modification of privileges is successfully or unsuccessfully performed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-95951r1_rule
Severity
Low
References
Updated



Remediation - Manual Procedure

In the administrative console, navigate to Security >> Security auditing >> Audit Service Provider.

Click on the providers in the list.

Note the names of all the filters, e.g., "DefaultAuditSpecification_1".