Details

If a messaging cluster is used, authentication must be in place to prevent unauthorized nodes joining the cluster pool.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Setup you password in the element:

….
myuser
${jboss.messaging.cluster.password:mypass}

Supportive Information

The following resource is also helpful.

• https://docs.jboss.org/author/display/AS72/Hardening+Guidelines

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-3(7)

Source

• Tenable.com/audits