STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The JBoss Server must be configured to utilize a centralized authentication mechanism such as AD or LDAP.

DISA Rule

SV-213526r615939_rule

Vulnerability Number

V-213526

Group Title

SRG-APP-000148-AS-000101

Rule Version

JBOS-AS-000260

Severity

CAT II

CCI(s)

CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

Fix Recommendation

Follow steps in section 11.8 - Management Interface Security in the JBoss_Enterprise_Application_Platform-6.3-Administration_and_Configuration_Guide-en-US document.

1. Create an outbound connection to the LDAP server.
2. Create an LDAP-enabled security realm.
3. Reference the new security domain in the Management Interface.

Check Contents

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.

To obtain the list of security realms run the command:
"ls /core-service=management/security-realm="

Review each security realm using the command:
"ls /core-service=management/security-realm=<SECURITY_REALM_NAME>/authentication"

If this command does not return a security realm that uses LDAP for authentication, this is a finding.

The JBoss Server must be configured to utilize a centralized authentication mechanism such as AD or LDAP.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments