Details
JETTY.properties is a Java properties files that contains settings for Jetty, including class loader information, security package lists, and performance properties. It is recommended that access to this file has the proper permissions to properly protect from unauthorized changes.
Restricting access to this file will prevent local users from maliciously or inadvertently altering s security policy.
Solution
To restrict access to JETTY.policy perform the following actions:
1. Set the ownership of the $JETTY_HOME/…../JETTY.policy to _admin:.
2. Remove read, write, and execute permissions for the world.
3. Remove write permissions for the group.
# chown _admin: $JETTY_HOME/…./JETTY.properties # chmod g-w,o-rwx $JETTY_HOME/…../JETTY.properties
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.