The WebSphere Application Server must remove organization-defined software components after updated versions have been installed.

An XCCDF Rule

Description

By default, when updating WebSphere application server, the older version of binaries are saved in case a "roll back" is necessary. Not keeping the older version makes it more difficult for attackers to "revert" back to the older version.

ID: SV-96111r1_rule
Version: WBSP-AS-001740
Severity: Medium
References: CCI-002617
Updated: 24 days ago

Remediation Templates

Review System Security Plan and system documentation to locate the "IBM InstallationManager" folder.

Default locations are:
UNIX:
/opt/InstallationManager
Windows:
C:\Program Files\InstallationManager

UNIX:
<IMHOME>/eclipse/tools/imcl -c

Select "P" preferences. 
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.

Windows:
<IMHOME>\eclipse\tools\imcl.exe -c

Select "P" preferences.
Select "3" Files for rollback.
Enter "1" to deselect.
Enter "A" for apply.
Enter "R" to return to Main Menu.

The WebSphere Application Server must remove organization-defined software components after updated versions have been installed.

Description

Remediation Templates

A Manual Procedure