Add configurable fix for SRG-APP-000108-AS-000067

smsiebe / gf-audit

Glassfish audit module for GF 4.1 which resolves multiple DISA STIG rules.

Apache License 2.0

1 stars 0 forks source link

Add configurable fix for SRG-APP-000108-AS-000067 #1

Open smsiebe opened 9 years ago

smsiebe commented 9 years ago

Rule Title: The application server must alert the SA and ISSO, at a minimum, in the event of a log processing failure. STIG ID: SRG-APP-000108-AS-000067
Rule ID: SV-46473r2_rule
Vuln ID: V-35186

Check Content: Review application server log configuration. Verify the application server sends alerts to the SA and ISSO in the event of a log processing failure.

If the application server is not configured to meet this requirement, this is a finding.

smsiebe commented 9 years ago

I'm going to leave this issue open for now until the gf-audit module has a (default) solution for this, but I believe this should be implemented outside of the gf-audit project and be a concern of whatever logging framework/system is used (org.geoint.gf.audit.log.AuditLogger implementation), as this rule is a broader concern and not just for GF.