From Oracle WebLogic Server 12c Security Technical Implementation Guide
Part of SRG-APP-000027-AS-000019
Associated with: CCI-001403
Once an attacker establishes initial access to a system, they often attempt to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply modify an existing account.
1. Access AC 2. From 'Domain Structure', select 'Security Realms' 3. Select realm to configure (default is 'myrealm') 4. Select 'Providers' tab -> 'Auditing' tab 5. Ensure the list of 'Auditing Providers' contains at least one Auditing Provider 6. From 'Domain Structure', select the top-level domain link 7. Click 'Advanced' near the bottom of the page 8. Ensure 'Configuration Audit Type' is set to 'Change Log and Audit' If the 'Configuration Audit Type' is not set to 'Change Log and Audit', this is a finding.
1. Access AC 2. From 'Domain Structure', select 'Security Realms' 3. Select realm to configure (default is 'myrealm') 4. Select 'Providers' tab -> 'Auditing' tab 5. Utilize 'Change Center' to create a new change session 6. Click 'New'. Enter a value in 'Name' field and select an auditing provider type (ex: DefaultAuditor) in the 'Type' dropdown. Click 'OK'. 7. From 'Domain Structure', select the top-level domain link 8. Click 'Advanced' near the bottom of the page 9. Set 'Configuration Audit Type' dropdown to 'Change Log and Audit' 10. Click 'Save', and from 'Change Center' click 'Activate Changes' to enable configuration changes
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer