JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The JBoss server must be configured to log all admin activity.
In order to be able to provide a forensic history of activity, the application server must ensure users who are granted a privileged role or those who utilize a separate distinct account when acces...
Rule Medium Severity
SRG-APP-000358-AS-000064
Group
SRG-APP-000380-AS-000088
Group
Production JBoss servers must not allow automatic application deployment.
When dealing with access restrictions pertaining to change control, it should be noted that any changes to the software and/or application server configuration can potentially have significant effe...
Rule Medium Severity
SRG-APP-000381-AS-000089
Group
Production JBoss servers must log when failed application deployments occur.
Without logging the enforcement of access restrictions against changes to the application server configuration, it will be difficult to identify attempted attacks, and a log trail will not be avail...
Rule Medium Severity
SRG-APP-000381-AS-000089
Group
Production JBoss servers must log when successful application deployments occur.
Without logging the enforcement of access restrictions against changes to the application server configuration, it will be difficult to identify attempted attacks, and a log trail will not be avail...
Rule Medium Severity
SRG-APP-000427-AS-000264
Group
The JRE installed on the JBoss server must be kept up to date.
The JBoss product is available as Open Source; however, the Red Hat vendor provides updates, patches and support for the JBoss product. It is imperative that patches and updates be applied to JBos...
Rule High Severity