Skip to content
Log In

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000120-AS-000080

    Group
    Show

  • File permissions must be configured to protect log information from unauthorized deletion.

    If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. When...
    Rule Medium Severity
    Show

  • SRG-APP-000125-AS-000084

    Group
    Show

  • The JBoss Password Vault must be used for storing passwords or other sensitive configuration information.

    JBoss EAP 6 has a Password Vault to encrypt sensitive strings, store them in an encrypted keystore, and decrypt them for applications and verification systems. Plain-text configuration files, such ...
    Rule Medium Severity
    Show

  • SRG-APP-000171-AS-000119

    Group
    Show

  • SRG-APP-000133-AS-000092

    Group
    Show

  • mgmt-users.properties file permissions must be set to allow access to authorized users only.

    The mgmt-users.properties file contains the password hashes of all users who are in a management role and must be protected. Application servers have the ability to specify that the hosted applica...
    Rule Medium Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • JBoss process owner interactive access must be restricted.

    JBoss does not require admin rights to operate and should be run as a regular user. In addition, if the user account was to be compromised and the account was allowed interactive logon rights, thi...
    Rule High Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • Google Analytics must be disabled in EAP Console.

    The Google Analytics feature aims to help Red Hat EAP team understand how customers are using the console and which parts of the console matter the most to the customers. This information will, in ...
    Rule Medium Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • JBoss process owner execution permissions must be limited.

    JBoss EAP application server can be run as the OS admin, which is not advised. Running the application server with admin privileges increases the attack surface by granting the application server ...
    Rule High Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • JBoss QuickStarts must be removed.

    JBoss QuickStarts are demo applications that can be deployed quickly. Demo applications are not written with security in mind and often open new attack vectors. QuickStarts must be removed.
    Rule Medium Severity
    Show

  • SRG-APP-000141-AS-000095

    Group
    Show

  • SRG-APP-000148-AS-000101

    Group
    Show

  • The JBoss Server must be configured to utilize a centralized authentication mechanism such as AD or LDAP.

    To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store that is...
    Rule Medium Severity
    Show

  • SRG-APP-000149-AS-000102

    Group
    Show

  • The JBoss Server must be configured to use certificates to authenticate admins.

    Multifactor authentication creates a layered defense and makes it more difficult for an unauthorized person to access the application server. If one factor is compromised or broken, the attacker s...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules