Documentation - V-255846

V-255846

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT III

Title

The WebSphere Application Server must shut down by default upon log failure (unless availability is an overriding concern).

Description

<VulnDiscussion>It is critical that, when a system is at risk of failing to process logs, it detects and takes action to mitigate the failure. Log processing failures include software/hardware errors, failures in the log capturing mechanisms, and log storage capacity being reached or exceeded. During a failure, the application server must be configured to shut down unless the application server is part of a high availability system or availability is an overriding concern. When availability is ...

Fix Text (Documentation Requirement)

In the admin console click Security >> Security Auditing. Set "Audit subsystem failure action" to "Terminate". Restart the DMGR and all JVMs.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel