Documentation - V-213513

V-213513

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

CAT II

Title

File permissions must be configured to protect log information from any type of unauthorized read access.

Description

<VulnDiscussion>If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. When not configured to use a centralized logging solution like a syslog server, the JBoss EAP application server writes log data to log files that are stored on the OS; appropriate file permissions must be used to restrict access. Log information includes all information (e.g., log record...

Fix Text (Documentation Requirement)

Configure the OS file permissions on the application server to protect log information from unauthorized read access.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel