UCF STIG Viewer Logo

The configuration file must contain proper keys and values to deploy settings correctly.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32842 JRE0060-J72K7 SV-43646r2_rule DCBP-1 Medium
Description
This configuration file must hold values of the location of the deployment.properties file as well as the enforcement of these properties. Without a proper path for the properties file, deployment would not be possible. If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation. If the value of this key is true, JRE will not run if the path to the properties file is invalid.
STIG Date
Java Runtime Environment (JRE) version 7 STIG for Windows 7 2015-12-10

Details

Check Text ( C-41521r7_chk )

Navigate to the deployment.config file:
If the deployment.config file does not exist, it must be created. The deployment.config file is a text file containing 2 keys. They are:

deployment.system.config =
deployment.system.config.mandatory =

For 32 bit systems:
C:\Program Files\Java\jre7\lib\deployment.config.

For 64 bit systems you must check both the 64 bit and the 32 bit config files:
C:\Program Files\Java\jre7\lib\deployment.config
C:\Program Files (x86)\Java\jre7\lib\deployment.config

Verify the 'deployment.system.config' key in the deployment.config file is set to the correct path. Note that the characters : and \ must be delimited by a backslash.

The path contained in the deployment.config file(s) will depend upon system architecture. The following paths are examples. Drive letters may vary based upon your system.

For 32 bit systems the path is:
'file:C\:\\Program Files\\Java\\jre7\\lib\\deployment.properties'

For 64 bit systems the paths are:
'file:C\:\\Program Files\\Java\\jre7\\lib\\deployment.properties'

'file:C\:\\Program Files (x86)\\Java\\jre7\\lib\\deployment.properties'

Verify the 'deployment.system.config.mandatory' key in the deployment.config file(s) are set to 'false'.

If the 'deployment.system.config' key is not set to the correct path and the 'deployment.system.config.mandatory' key is not set to false, this is a finding.
Fix Text (F-37157r7_fix)

If the deployment.config file does not exist, create the file. The deployment.config file is a text file containing 2 keys. They are:

deployment.system.config =
deployment.system.config.mandatory =

On 32-bit systems the deployment config file should be located at:
C:\Program Files\Java\jre7\lib\deployment.config

On 64-bit systems there can be 2 locations for the deployment.config file. One is for 32 bit JRE and the other for 64 bit JRE:

64 bit - C:\Program Files\Java\jre7\lib\deployment.config
32 bit - C:\Program Files (x86)\Java\jre7\lib\deployment.config

Include the following keys and values in the appropriate deployment.config file based upon your system architecture. If you are running both a 32 bit and a 64 bit JRE, you need to update both deployment.config files. The following are examples, drive letters may vary.

32 bit
'deployment.system.config=file:C\:\\Program Files (x86)\\Java\\jre7\\lib\\deployment.properties'
'deployment.system.config.mandatory=false'.

64 bit
'deployment.system.config=file:C\:\\Program Files\\Java\\jre7\\lib\\deployment.properties'
'deployment.system.config.mandatory=false'.