JBOS-AS-000230 - JBoss process owner execution permissions must be limited.

Information

JBoss EAP application server can be run as the OS admin, which is not advised. Running the application server with admin privileges increases the attack surface by granting the application server more rights than it requires in order to operate. If the server is compromised, the attacker will have the same rights as the application server, which in that case would be admin rights. The JBoss EAP server must not be run as the admin user.

Solution

Run the JBoss server with non-admin rights.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|I, CCI|CCI-000381, Rule-ID|SV-213520r954822_rule, STIG-ID|JBOS-AS-000230, STIG-Legacy|SV-76755, STIG-Legacy|V-62265, Vuln-ID|V-213520

Plugin: Unix

Control ID: 7d532dedc95ba1d5e26645449d3077f40b71639b9f9810b62314e09cb124cfe7