Redhat JBoss EAP 5.x

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: Redhat JBoss EAP 5.x

Updated: 7/12/2022

Authority: SCAP

Plugin: Unix

Revision: 1.25

Estimated Item Count: 112

Audit Changelog


Revision 1.25 Jul 12, 2022 Miscellaneous Audit deprecated. Metadata updated. References updated.
Revision 1.24 Apr 25, 2022 Miscellaneous Metadata updated. References updated.
Revision 1.23 Jun 9, 2021 Informational Update 1.17 The allRolesMode must be configured to 'strict' - 'allRolesMode = strict' 2.25 Ensure Configure SecurityInterceptor logging level is set correctly - 'org.jboss.ejb.plugins.SecurityInterceptor = true' 2.29 Production applications should not log output to the JBoss console - 'JBoss console output log = false' 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' - jmx-console.war 3.4 The JMXInvokerServlet servlet must be secured against web attacks 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,'POST' = false' 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,GET = false' 3.5 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties' 3.5 JMXInvokerServlet servlet configuration - 'rolesProperties = props/jmx-console-roles.properties' 3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication - 'java:/jaas/jmx-console = true' 3.6 JMXInvokerServlet configuration - 'org.jboss.jmx.connector.invoker.RolesAuthorization = true' 3.6 JMXInvokerServlet configuration - 'rolesProperties = props/jmx-console-roles.properties' 3.6 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties' Miscellaneous References updated. Added 2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = \%d \%-5p \\[\%c\\] \\(\%t:\%x\\) \%m\%n' Removed 2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = \%d \%-5p \\[\%c\\] \\(\%t:\%x\\) \%m\%n'
Revision 1.22 Feb 1, 2021 Miscellaneous Metadata updated. References updated.
Revision 1.21 Sep 29, 2020 Miscellaneous References updated.
Revision 1.20 Jul 14, 2020 Miscellaneous Metadata updated.
Revision 1.19 Apr 22, 2020 Miscellaneous Metadata updated. References updated.
Revision 1.18 Feb 7, 2019 Miscellaneous Metadata updated. References updated.
Revision 1.17 Dec 13, 2018 Functional Update Red Hat Security Benchmark JBoss Enterprise Application Platform 5.x Informational Update 1.1 JBoss Enterprise Application Platform should be a vendor supported version 1.2 Ensure all configurations are made to the appropriate server profile 1.6 Production applications should not implement the default SRPVerifierStore interface for the Secure Remote Password (SRP) protocol 1.7 Declare an EJB authorization policy for deployed applications 1.9 Ensure appropriate DefaultDS is enabled Miscellaneous Metadata updated. References updated.