STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

JBoss management Interfaces must be integrated with a centralized authentication mechanism that is configured to manage accounts according to DoD policy.

DISA Rule

SV-213529r615939_rule

Vulnerability Number

V-213529

Group Title

SRG-APP-000163-AS-000111

Rule Version

JBOS-AS-000290

Severity

CAT II

CCI(s)

• CCI-000795 - The organization manages information system identifiers by disabling the identifier after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Follow steps in section 11.8 - Management Interface Security in the JBoss_Enterprise_Application_Platform-6.3-Administration_and_Configuration_Guide-en-US document.

1. Create an outbound connection to the LDAP server.
2. Create an LDAP-enabled security realm.
3. Reference the new security domain in the Management Interface.

Check Contents

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.

Obtain the list of management interfaces by running the command:
"ls /core-service=management/management-interface"

Identify the security realm used by each management interface configuration by running the command:
"ls /core-service=management/management-interface=<MANAGEMENT-INTERFACE-NAME>"

Determine if the security realm assigned to the management interface uses LDAP for authentication by running the command:
"ls /core-service=management/security-realm=<SECURITY_REALM_NAME>/authentication"

If the security realm assigned to the management interface does not utilize LDAP for authentication, this is a finding.

Vulnerability Number

V-213529

Documentable

False

Rule Version

JBOS-AS-000290

Severity Override Guidance

Log on to the OS of the JBoss server with OS permissions that allow access to JBoss.
Using the relevant OS commands and syntax, cd to the <JBOSS_HOME>/bin/ folder.
Run the jboss-cli script.
Connect to the server and authenticate.

Obtain the list of management interfaces by running the command:
"ls /core-service=management/management-interface"

Identify the security realm used by each management interface configuration by running the command:
"ls /core-service=management/management-interface=<MANAGEMENT-INTERFACE-NAME>"

Determine if the security realm assigned to the management interface uses LDAP for authentication by running the command:
"ls /core-service=management/security-realm=<SECURITY_REALM_NAME>/authentication"

If the security realm assigned to the management interface does not utilize LDAP for authentication, this is a finding.

Check Content Reference

M

Target Key

3987

Comments