4 - Restrict access to $JETTY_HOME - owner

Information

$JETTY_HOME is the environment variable which holds the path to the Jetty root directory. It is important to protect access to this in order to protect the Jetty binaries and libraries from unauthorized modification. It is recommended that you create a user to specifically run Jetty. This user should have the minimum set of privileges needed to run Jetty. The ownership of this directory should then be assigned to the Jetty user. It is also recommended that the permission on $JETTY_HOME prevent read, write, and execute for the world (o-rwx) and prevent write access to the group (g-w).

The security of processes and data that traverse or depend on Jetty may become compromised if the $JETTY_HOME is not secured.

Solution

To establish the recommended state:
1. Set the ownership of $JETTY_HOME to your dedicated jetty user (e.g., admin).
2. Remove read, write, and execute permissions for the world
3. Remove write permissions for the group.
# chown _admin. $JETTY_HOME # chmod g-w,o-rwx $JETTY_HOME

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: ea86e286ef0e95eaa0b6ae2efdd811ce95d797e568e61b4549925782a23c2ea8