JBOS-AS-000010 – HTTP management session traffic must be encrypted. Details Types of management interfaces utilized by the JBoss EAP application server include web-based HTTP interfaces as well as command...
JBOS-AS-000015 – HTTPS must be enabled for JBoss web interfaces. Details Encryption is critical for protection of remote access sessions. If encryption is not being used for integrity, malicious users...
JBOS-AS-000025 – Java permissions must be set for hosted applications. Details The Java Security Manager is a Java class that manages the external boundary of the Java Virtual Machine (JVM)...
JBOS-AS-000110 – JBoss must be configured to produce log records containing information to establish what type of events occurred. Details Information system logging capability is critical for accurate forensic analysis. Without being able to establish what type of event...
JBOS-AS-000115 – JBoss Log Formatter must be configured to produce log records that establish the date and time the events occurred. Details Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of...
JBOS-AS-000120 – JBoss must be configured to produce log records that establish which hosted application triggered the events. Details Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of...
JBOS-AS-000125 – JBoss must be configured to record the IP address and port information used by management interface network traffic. Details Application server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of...
JBOS-AS-000030 – The Java Security Manager must be enabled for the JBoss application server – java.security.manager Details The Java Security Manager is a Java class that manages the external boundary of the Java Virtual Machine (JVM)...
JBOS-AS-000130 – The application server must produce log records that contain sufficient information to establish the outcome of events. Details Information system logging capability is critical for accurate forensic analysis. Log record content that may be necessary to satisfy...
JBOS-AS-000030 – The Java Security Manager must be enabled for the JBoss application server – java.security.policy Details The Java Security Manager is a Java class that manages the external boundary of the Java Virtual Machine (JVM)...