STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-213517r615939_rule
V-213517
SRG-APP-000133-AS-000092
JBOS-AS-000210
CAT II
10
Configure the file permissions to allow access to authorized users only.
Owner can be full access.
Group can be full access.
All others must have execute permissions only.
The mgmt-users.properties files are located in the standalone or domain configuration folder.
<JBOSS_HOME>/domain/configuration/mgmt-users.properties.
<JBOSS_HOME>/standalone/configuration/mgmt-users.properties.
Identify users who have access to the files using relevant OS commands.
Obtain documentation from system admin identifying authorized users.
Owner can be full access.
Group can be full access.
All others must have execute permissions only.
If the file permissions are not configured so as to restrict access to only authorized users, or if documentation that identifies authorized users is missing, this is a finding.
V-213517
False
JBOS-AS-000210
The mgmt-users.properties files are located in the standalone or domain configuration folder.
<JBOSS_HOME>/domain/configuration/mgmt-users.properties.
<JBOSS_HOME>/standalone/configuration/mgmt-users.properties.
Identify users who have access to the files using relevant OS commands.
Obtain documentation from system admin identifying authorized users.
Owner can be full access.
Group can be full access.
All others must have execute permissions only.
If the file permissions are not configured so as to restrict access to only authorized users, or if documentation that identifies authorized users is missing, this is a finding.
M
3987