The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

An XCCDF Rule

Description

Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Restricting non-privileged users also prevents an attacker who has gained access to a non-privileged account, from elevating privileges, creating accounts, and performing system checks and maintenance.

ID: SV-213539r961353_rule
Version: JBOS-AS-000475
Severity: Medium
References: CCI-002235
Updated: about 2 months ago

Remediation Templates

Run the following command.
<JBOSS_HOME>/bin/jboss-cli.sh -c -> connect -> cd /core-service=management/access-authorization :write-attribute(name=provider, value=rbac)

Restart JBoss.

Map users to roles by running the following command.  Upper-case words are variables.
role-mapping=ROLENAME/include=ALIAS:add(name-USERNAME, type=USER ROLE)

The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Description

Remediation Templates

A Manual Procedure