Documentation - V-255852

V-255852

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT II

Title

The WebSphere Application Server wsadmin file must be protected from unauthorized modification.

Description

<VulnDiscussion>Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may provide the only means to manipulate and manage application and system log data. It is, therefore, imperative that access to log tools be controlled and protected from unauthorized modification. If an attacker were to modify log tools, he could also manipulate logs to hide evidence of m...

Fix Text (Documentation Requirement)

On the system hosting the WebSphere Application Server, log on to the operating system with admin rights. Navigate to the "WebSphere" folder. Change the permissions on the folder. Do not propagate permissions to sub-folders. For UNIX systems: set the "WebSphere" folder permissions to "770". For Windows systems: set the "WebSphere" folder permission to allow full control for SYSTEM, WebSphere user, and Admin Group. Do not propagate permissions to sub-folders.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel