STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-213536r615939_rule
V-213536
SRG-APP-000231-AS-000133
JBOS-AS-000400
CAT II
10
Configure file permissions on the JBoss folder to protect from unauthorized access.
By default, JBoss installs its files into a folder called "jboss-eap-6.3". This folder by default is stored within the home folder of the JBoss user account. The installation process, however, allows for the override of default values to obtain folder and user account information from the system admin.
Log on with a user account with JBoss access and permissions.
Navigate to the "Jboss-eap-6.3" folder using the relevant OS commands for either a UNIX-like OS or a Windows OS.
Examine the permissions of the JBoss folder.
Owner can be full access.
Group can be full access.
All others must be restricted to execute access or no permission.
If the JBoss folder is world readable or world writeable, this is a finding.
V-213536
False
JBOS-AS-000400
By default, JBoss installs its files into a folder called "jboss-eap-6.3". This folder by default is stored within the home folder of the JBoss user account. The installation process, however, allows for the override of default values to obtain folder and user account information from the system admin.
Log on with a user account with JBoss access and permissions.
Navigate to the "Jboss-eap-6.3" folder using the relevant OS commands for either a UNIX-like OS or a Windows OS.
Examine the permissions of the JBoss folder.
Owner can be full access.
Group can be full access.
All others must be restricted to execute access or no permission.
If the JBoss folder is world readable or world writeable, this is a finding.
M
3987