STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

JBoss process owner interactive access must be restricted.

DISA Rule

SV-213518r615939_rule

Vulnerability Number

V-213518

Group Title

SRG-APP-000141-AS-000095

Rule Version

JBOS-AS-000220

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Use the relevant OS commands to restrict the JBoss user account from interactively logging on to the console of the JBoss system.

For Windows systems, use GPO.

For UNIX-like systems, use ssh DenyUsers <account id> or follow the established procedure for restricting access.

Check Contents

Identify the user account used to run the JBoss server. Use relevant OS commands to determine logon rights to the system. This account should not have full shell/interactive access to the system.

If the user account used to operate JBoss can log on interactively, this is a finding.
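
A check of this kind on a UNIX-like host, as an added example that is not part of the STIG text: it reads the account's login shell and looks for a literal DenyUsers entry. The account names jboss and jbossd, the sample files and the result labels are constructed for illustration; ssh-denied means only SSH logon is blocked, since DenyUsers does not govern console logon.

```shell
#!/bin/sh
# Added example: can a service account log on interactively?
# Account names and sample files below are constructed, not from a real host.

# Print the login shell (7th field) of user $1 from passwd-format file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# Succeed if sshd_config-format file $2 has an active DenyUsers line naming $1.
# Only literal names are matched; user@host and wildcard patterns are not expanded.
ssh_denied() {
    awk -v u="$1" '
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) if ($i == u) hit = 1 }
        END { exit !hit }' "$2"
}

# Classify account $1 using passwd file $2 and sshd_config file $3.
check_account() {
    sh_path=$(login_shell "$1" "$2") || { echo "unknown-account"; return 0; }
    case "$sh_path" in
        */nologin|*/false) echo "no-interactive-shell" ;;
        *) if ssh_denied "$1" "$3"; then echo "ssh-denied"; else echo "finding"; fi ;;
    esac
}

# Constructed sample data.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
jboss:x:185:185:JBoss EAP:/opt/jboss:/bin/bash
jbossd:x:186:186:JBoss EAP:/opt/jboss:/sbin/nologin
EOF
printf 'PermitRootLogin no\nDenyUsers backup jboss\n' > "$demo_dir/sshd_denied"
printf '#DenyUsers jboss\n' > "$demo_dir/sshd_open"

check_account jboss  "$demo_dir/passwd" "$demo_dir/sshd_open"
check_account jboss  "$demo_dir/passwd" "$demo_dir/sshd_denied"
check_account jbossd "$demo_dir/passwd" "$demo_dir/sshd_open"
```

On a real host the same function can be pointed at /etc/passwd and /etc/ssh/sshd_config with the account that actually runs JBoss.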

Documentable

False

Severity Override Guidance

Identify the user account used to run the JBoss server. Use relevant OS commands to determine logon rights to the system. This account should not have full shell/interactive access to the system.

If the user account used to operate JBoss can log on interactively, this is a finding.

Check Content Reference

M

Target Key

3987

Comments