JBOS-AS-000075 - JBoss management interfaces must be secured.

Information

JBoss utilizes the concept of security realms to secure the management interfaces used for JBoss server administration. If the security realm attribute is omitted or removed from the management interface definition, access to that interface is no longer secure. The JBoss management interfaces must be secured.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Identify the security realm used for management of the system. By default, this is called 'Management Realm'.

If a management security realm is not already available, reference the Jboss EAP 6.3 system administration guide for instructions on how to create a security realm for management purposes. Create the management realm, and assign authentication and authorization access restrictions to the management realm.

Assign the management interfaces to the management realm.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|I, CCI|CCI-000213, Rule-ID|SV-213502r954708_rule, STIG-ID|JBOS-AS-000075, STIG-Legacy|SV-76719, STIG-Legacy|V-62229, Vuln-ID|V-213502

Plugin: Unix

Control ID: 881d271ffb322ed4d048155046b2b4c812f20838fc60cfac5dae52ccd5c01e45