Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000118-AS-000078

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server must be configured to protect log information from any type of unauthorized read access.

    &lt;VulnDiscussion&gt;WebSphere uses role-based access controls to restrict access to log data. To take advantage of this capability, WebSphere adm...
    Rule Low Severity
  • SRG-APP-000119-AS-000079

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server must protect log information from unauthorized modification.

    &lt;VulnDiscussion&gt;WebSphere uses role-based access controls to restrict access to log data. To take advantage of this capability, WebSphere adm...
    Rule Medium Severity
  • SRG-APP-000120-AS-000080

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server must protect log information from unauthorized deletion.

    &lt;VulnDiscussion&gt;WebSphere uses role based access controls to restrict access to log data. To take advantage of this capability, WebSphere adm...
    Rule Medium Severity
  • SRG-APP-000121-AS-000081

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server wsadmin file must be protected from unauthorized access.

    &lt;VulnDiscussion&gt;Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon...
    Rule Medium Severity
  • SRG-APP-000122-AS-000082

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server wsadmin file must be protected from unauthorized modification.

    &lt;VulnDiscussion&gt;Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon...
    Rule Medium Severity
  • SRG-APP-000123-AS-000083

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server wsadmin file must be protected from unauthorized deletion.

    &lt;VulnDiscussion&gt;Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon...
    Rule Medium Severity
  • SRG-APP-000126-AS-000085

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server must be configured to encrypt log information.

    &lt;VulnDiscussion&gt;Protection of log records is of critical importance. Encrypting log records provides a level of protection that does not rely...
    Rule Medium Severity
  • SRG-APP-000126-AS-000085

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server must be configured to sign log information.

    &lt;VulnDiscussion&gt;Protection of log records is of critical importance. Encrypting log records provides a level of protection that does not rely...
    Rule Medium Severity
  • SRG-APP-000141-AS-000095

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server process must not be started from the command line with the -password option.

    &lt;VulnDiscussion&gt;The use of the -password option to launch a WebSphere process from the command line can result in a security exposure. Passwo...
    Rule Medium Severity
  • SRG-APP-000141-AS-000095

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server files must be owned by the non-root WebSphere user ID.

    &lt;VulnDiscussion&gt;Having files owned by the root or administrator user is an indication that the WebSphere processes are being run with escalat...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules