STIGQter: STIG Summary: JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Network access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller.

DISA Rule

SV-213538r615939_rule

Vulnerability Number

V-213538

Group Title

SRG-APP-000316-AS-000199

Rule Version

JBOS-AS-000470

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the <JBOSS_HOME>/bin/jboss-cli command line interface utility.
Connect to the JBoss server and run the following command:
/core-service=management/management-interface=http-interface/:write-attribute(name=console-enabled,value=false)

Successful command execution returns
{"outcome" => "success"}. If the response also reports "process-state" => "reload-required", reload the server so the change takes effect. Afterwards, attempts to open the management console in a web browser at <SERVERNAME>:9990 will result in no access to the admin console; only the console is disabled, the HTTP management interface itself remains available to tooling that needs it.

Check Contents

Log on to each of the JBoss domain member servers.

Note: Sites that manage systems using the JBoss Operations Network client require HTTP interface access. It is acceptable that the management console alone be disabled rather than disabling the entire interface itself.

Run the <JBOSS_HOME>/bin/jboss-cli command line interface utility and connect to the JBoss server.
Run the following command:
ls /core-service=management/management-interface=http-interface/

If "console-enabled=true", this is a finding.
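The fix and check above, combined into a small audit helper. This is an added example, not part of the DISA STIG text or STIGQter's output. It assumes the EAP 6 CLI resource address /core-service=management/management-interface=http-interface, that JBOSS_HOME points at the installation, and that the native management interface is reachable as host:9999; the `ls` output it evaluates offline is constructed sample data, not captured from a real server.

```shell
#!/bin/sh
# Added audit helper for JBOS-AS-000470 (not part of the STIG or STIGQter text).
# Mirrors the check: read the http-interface attributes with jboss-cli and
# treat console-enabled=true as a finding. Assumptions: EAP 6 resource address
# below, JBOSS_HOME set, native management port 9999. The sample `ls` output is
# constructed so the evaluation logic can run offline.

MGMT_IF='/core-service=management/management-interface=http-interface'

# Constructed sample output of `ls $MGMT_IF` (one attribute=value per line).
SAMPLE_LS_FINDING='console-enabled=true
interface=management
port=9990
security-realm=ManagementRealm'

SAMPLE_LS_PASS='console-enabled=false
interface=management
port=9990
security-realm=ManagementRealm'

# Pull the console-enabled value out of `ls` output read from stdin.
# Prints true, false, or nothing if the attribute is not listed.
console_enabled_from_ls() {
    sed -n 's/^[[:space:]]*console-enabled=\([a-z]*\).*$/\1/p' | head -n 1
}

# Apply the STIG decision to one server's `ls` output passed as $1.
# Return codes: 0 = not a finding, 1 = finding, 2 = attribute not reported.
evaluate_check() {
    val=$(printf '%s\n' "$1" | console_enabled_from_ls)
    case "$val" in
        true)  echo "FINDING: console-enabled=true on $MGMT_IF"; return 1 ;;
        false) echo "PASS: console-enabled=false on $MGMT_IF"; return 0 ;;
        *)     echo "REVIEW: console-enabled not reported; inspect $MGMT_IF manually"; return 2 ;;
    esac
}

# Live check: $1 is host:port of the native management interface (e.g. host:9999).
# Credentials come from the CLI's usual prompt or jboss-cli.xml configuration.
check_live() {
    out=$("${JBOSS_HOME:?JBOSS_HOME must be set}/bin/jboss-cli.sh" --connect \
          --controller="$1" --command="ls $MGMT_IF") || return 2
    evaluate_check "$out"
}

# Live fix: the write-attribute from the Fix Recommendation. If the server
# answers with "reload-required", reload it and then re-run check_live.
fix_live() {
    "${JBOSS_HOME:?JBOSS_HOME must be set}/bin/jboss-cli.sh" --connect \
        --controller="$1" \
        --command="$MGMT_IF:write-attribute(name=console-enabled,value=false)"
}

# Offline demonstration against the constructed samples: prints one FINDING
# line and one PASS line.
demo() {
    evaluate_check "$SAMPLE_LS_FINDING" || true
    evaluate_check "$SAMPLE_LS_PASS"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the file with the argument `demo` to see both outcomes on the sample data; `check_live host:9999` runs the real check against one domain member, and its exit code (0 pass, 1 finding, 2 undetermined) makes it easy to loop over a list of member servers.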

Vulnerability Number

V-213538

Documentable

False

Rule Version

JBOS-AS-000470

Severity Override Guidance

Log on to each of the JBoss domain member servers.

Note: Sites that manage systems using the JBoss Operations Network client require HTTP interface access. It is acceptable that the management console alone be disabled rather than disabling the entire interface itself.

Run the <JBOSS_HOME>/bin/jboss-cli command line interface utility and connect to the JBoss server.
Run the following command:
ls /core-service=management/management-interface=http-interface/

If "console-enabled=true", this is a finding.

Check Content Reference

M

Target Key

3987

Comments