Remote access to JMX subsystem must be disabled.

An XCCDF Rule

Details
Profiles

Description

The JMX subsystem allows you to trigger JDK and application management operations remotely. In a managed domain configuration, the JMX subsystem is removed by default. For a standalone configuration, it is enabled by default and must be removed.

ID: SV-213522r960963_rule
Version: JBOS-AS-000240
Severity: Medium
References: CCI-000381
Updated: 5 days ago

Remediation Templates

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script to start the Command Line Interface (CLI).
Connect to the server and authenticate.

For a Managed Domain configuration you must check each profile name:
For each PROFILE NAME, run the command:
"/profile=<PROFILE NAME>/subsystem=jmx/remoting-connector=jmx:remove"

For a Standalone configuration:
"/subsystem=jmx/remoting-connector=jmx:remove"

Remote access to JMX subsystem must be disabled.

Description

Remediation Templates

A Manual Procedure