JBOS-AS-000025 - Java permissions must be set for hosted applications.

Information

The Java Security Manager is a java class that manages the external boundary of the Java Virtual Machine (JVM) sandbox, controlling how code executing within the JVM can interact with resources outside the JVM.

The JVM requires a security policy in order to restrict application access. A properly configured security policy will define what rights the application has to the underlying system. For example, rights to make changes to files on the host system or to initiate network sockets in order to connect to another system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Java security manager to enforce access restrictions to the host system resources in accordance with application design and resource requirements.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|I, CCI|CCI-000213, Rule-ID|SV-213496r954708_rule, STIG-ID|JBOS-AS-000025, STIG-Legacy|SV-76707, STIG-Legacy|V-62217, Vuln-ID|V-213496

Plugin: Unix

Control ID: 31940286864a8eb8176ef6db92d08129c0d05e41fad24f495875ec526763f362