Skip to content

JBoss management interfaces must be secured.

An XCCDF Rule

Description

<VulnDiscussion>JBoss utilizes the concept of security realms to secure the management interfaces used for JBoss server administration. If the security realm attribute is omitted or removed from the management interface definition, access to that interface is no longer secure. The JBoss management interfaces must be secured.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-213502r615939_rule
Severity
High
References
Updated



Remediation - Manual Procedure

Identify the security realm used for management of the system.  By default, this is called "Management Realm".

If a management security realm is not already available, reference the Jboss EAP 6.3 system administration guide for instructions on how to create a security realm for management purposes.  Create the management realm, and assign authentication and authorization access restrictions to the management realm.

Assign the management interfaces to the management realm.