III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000360-AS-000066
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must provide an immediate real-time alert to authorized users of all log failure events requiring real-time alerts.
<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process logs as required. Log p...Rule Medium Severity -
SRG-APP-000108-AS-000067
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must alert the SA and ISSO, at a minimum, in the event of a log processing failure.
<VulnDiscussion>Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a sec...Rule Low Severity -
SRG-APP-000108-AS-000067
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server audit subsystem failure action must be set to Log warning.
<VulnDiscussion>Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a sec...Rule Medium Severity -
SRG-APP-000109-AS-000068
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must shut down by default upon log failure (unless availability is an overriding concern).
<VulnDiscussion>It is critical that, when a system is at risk of failing to process logs, it detects and takes action to mitigate the failure...Rule Low Severity -
SRG-APP-000109-AS-000070
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server high availability applications must be configured to fail over to another system in the event of log subsystem failure.
<VulnDiscussion>This requirement is dependent upon system MAC and availability. If the system MAC and availability do not specify redundancy ...Rule Low Severity -
SRG-APP-000118-AS-000078
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must be configured to protect log information from any type of unauthorized read access.
<VulnDiscussion>WebSphere uses role-based access controls to restrict access to log data. To take advantage of this capability, WebSphere adm...Rule Low Severity -
SRG-APP-000119-AS-000079
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must protect log information from unauthorized modification.
<VulnDiscussion>WebSphere uses role-based access controls to restrict access to log data. To take advantage of this capability, WebSphere adm...Rule Medium Severity -
SRG-APP-000120-AS-000080
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must protect log information from unauthorized deletion.
<VulnDiscussion>WebSphere uses role based access controls to restrict access to log data. To take advantage of this capability, WebSphere adm...Rule Medium Severity -
SRG-APP-000121-AS-000081
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server wsadmin file must be protected from unauthorized access.
<VulnDiscussion>Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon...Rule Medium Severity -
SRG-APP-000122-AS-000082
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server wsadmin file must be protected from unauthorized modification.
<VulnDiscussion>Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon...Rule Medium Severity -
SRG-APP-000123-AS-000083
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server wsadmin file must be protected from unauthorized deletion.
<VulnDiscussion>Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon...Rule Medium Severity -
SRG-APP-000126-AS-000085
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must be configured to encrypt log information.
<VulnDiscussion>Protection of log records is of critical importance. Encrypting log records provides a level of protection that does not rely...Rule Medium Severity -
SRG-APP-000126-AS-000085
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must be configured to sign log information.
<VulnDiscussion>Protection of log records is of critical importance. Encrypting log records provides a level of protection that does not rely...Rule Medium Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server process must not be started from the command line with the -password option.
<VulnDiscussion>The use of the -password option to launch a WebSphere process from the command line can result in a security exposure. Passwo...Rule Medium Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server files must be owned by the non-root WebSphere user ID.
<VulnDiscussion>Having files owned by the root or administrator user is an indication that the WebSphere processes are being run with escalat...Rule Medium Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server sample applications must be removed.
<VulnDiscussion>WebSphere samples are not intended for use in a production environment. Do not run them there, as they create significant sec...Rule Low Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must remove JREs left by web server and plug-in installers for web servers and plugins running in the DMZ.
<VulnDiscussion>When you install IBM HTTP Server, the installer leaves behind a JRE. Remove this JRE, as it provides functions that are not n...Rule Low Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must be run as a non-admin user.
<VulnDiscussion>Running WebSphere as an admin user gives attackers immediate admin privileges in the event the WebSphere processes are compro...Rule Medium Severity -
SRG-APP-000141-AS-000095
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must disable JSP class reloading.
<VulnDiscussion>Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be de...Rule Medium Severity -
SRG-APP-000142-AS-000014
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments.
<VulnDiscussion>Some networking protocols may not meet organizational security requirements to protect data and components. Application serv...Rule Medium Severity -
SRG-APP-000148-AS-000101
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server LDAP user registry must be used.
<VulnDiscussion>To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authentica...Rule Medium Severity -
SRG-APP-000148-AS-000101
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server local file-based user registry must not be used.
<VulnDiscussion>WebSphere does not provide direct audit of changes to the built-in file registry. The built-in file registry must not be used...Rule Medium Severity -
SRG-APP-000149-AS-000102
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.
<VulnDiscussion>Multifactor authentication creates a layered defense and makes it more difficult for an unauthorized person to access the app...Rule Medium Severity -
SRG-APP-000156-AS-000106
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must provide security extensions to extend the SOAP protocol and provide secure authentication when accessing sensitive data.
<VulnDiscussion>Application servers may provide a web services capability that could be leveraged to allow remote access to sensitive applica...Rule Medium Severity -
SRG-APP-000156-AS-000106
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must provide security extensions to extend the SOAP protocol and provide secure authentication when accessing sensitive data.
<VulnDiscussion>Application servers may provide a web services capability that could be leveraged to allow remote access to sensitive applica...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.