JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000120-AS-000080
Group -
File permissions must be configured to protect log information from unauthorized deletion.
If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. When...Rule Medium Severity -
SRG-APP-000125-AS-000084
Group -
The JBoss Password Vault must be used for storing passwords or other sensitive configuration information.
JBoss EAP 6 has a Password Vault to encrypt sensitive strings, store them in an encrypted keystore, and decrypt them for applications and verification systems. Plain-text configuration files, such ...Rule Medium Severity -
SRG-APP-000171-AS-000119
Group -
SRG-APP-000133-AS-000092
Group -
mgmt-users.properties file permissions must be set to allow access to authorized users only.
The mgmt-users.properties file contains the password hashes of all users who are in a management role and must be protected. Application servers have the ability to specify that the hosted applica...Rule Medium Severity -
SRG-APP-000141-AS-000095
Group -
JBoss process owner interactive access must be restricted.
JBoss does not require admin rights to operate and should be run as a regular user. In addition, if the user account was to be compromised and the account was allowed interactive logon rights, thi...Rule High Severity -
SRG-APP-000141-AS-000095
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.