Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32842 | JRE0060-J6XP | SV-43236r1_rule | Medium |
Description |
---|
The deployment.config file is used to specify the location of the deployment.properties file and for controlling the launch of the JRE runtime. By default, these two files do not exist, they must both be created. Without a proper path to the deployment.properties file, deployment settings will fail. If the path specified in deployment.config does not lead to a deployment.properties file, then the value of the 'deployment.system.config.mandatory' key contained in deployment.config will determine how to handle the situation. If the value of this key is true, JRE will not run if the path to the properties file is invalid. |
STIG | Date |
---|---|
Java Runtime Environment (JRE) Version 6 STIG for Windows XP | 2013-03-12 |
Check Text ( C-41518r15_chk ) |
---|
Navigate to the deployment.config file: If the deployment.config file does not exist, it must be created. The deployment.config file is a text file containing 2 keys. They are: deployment.system.config = deployment.system.config.mandatory = For 32 bit systems: C:\Program Files(x86)\Java\jre6\lib\deployment.config. For 64 bit systems you must check both the 64 bit and the 32 bit config files: C:\Program Files\Java\jre6\lib\deployment.config C:\Program Files(x86)\Java\jre6\lib\deployment.config Verify the 'deployment.system.config' key in the deployment.config file is set to the correct path. Note that the characters : and \ must be delimited by a backslash. The path contained in the deployment.config file(s) will depend upon system architecture. The following paths are examples. Drive letters may vary based upon your system. For 32 bit systems the path is: 'file:C\:\\Program Files(x86)\\Java\\jre\\lib\\deployment.properties' For 64 bit systems the paths are: 'file:C\:\\Program Files\\Java\\jre\\lib\\deployment.properties' 'file:C\:\\Program Files(x86)\\Java\\jre\\lib\\deployment.properties' Verify the 'deployment.system.config.mandatory' key in the deployment.config file(s) are set to 'false'. If the 'deployment.system.config' key is not set to the correct path and the 'deployment.system.config.mandatory' key is not set to false, this is a finding. |
Fix Text (F-37154r12_fix) |
---|
If the deployment.config file does not exist, create the file. The deployment.config file is a text file containing 2 keys. They are: deployment.system.config = deployment.system.config.mandatory = On 32-bit systems the deployment config file should be located at: C:\Program Files(x86)\Java\jre6\lib\deployment.config On 64-bit systems there can be 2 locations for the deployment.config file. One is for 32 bit JRE and the other for 64 bit JRE: 64 bit - C:\Program Files\Java\jre6\lib\deployment.config 32 bit - C:\Program Files(x86)\Java\jre6\lib\deployment.config Include the following keys and values in the appropriate deployment.config file based upon your system architecture. If you are running both a 32 bit and a 64 bit JRE, you need to check both deployment.config files. The following are examples, drive letters may be vary. 32 bit 'deployment.system.config=file:C\:\\Program Files(x86)\\Java\\jre6\\lib\\deployment.properties' 'deployment.system.config.mandatory=false'. 64 bit 'deployment.system.config=file:C\:\\Program Files\\Java\\jre6\\lib\\deployment.properties' 'deployment.system.config.mandatory=false'. |