UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

JBoss file permissions must be configured to protect the confidentiality and integrity of application files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-62299 JBOS-AS-000400 SV-76789r1_rule Medium
Description
The JBoss EAP Application Server is a Java-based AS. It is installed on the OS file system and depends upon file system access controls to protect application data at rest. The file permissions set on the JBoss EAP home folder must be configured so as to limit access to only authorized people and processes. The account used for operating the JBoss server and any designated administrative or operational accounts are the only accounts that should have access. When data is written to digital media such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and data compromise. Steps must be taken to ensure data stored on the device is protected.
STIG Date
JBoss EAP 6.3 Security Technical Implementation Guide 2015-11-09

Details

Check Text ( C-63103r1_chk )
By default, JBoss installs its files into a folder called "jboss-eap-6.3". This folder by default is stored within the home folder of the JBoss user account. The installation process, however, allows for the override of default values to obtain folder and user account information from the system admin.

Log on with a user account with JBoss access and permissions.

Navigate to the "Jboss-eap-6.3" folder using the relevant OS commands for either a UNIX-like OS or a Windows OS.

Examine the permissions of the JBoss folder.

Owner can be full access.
Group can be full access.
All others must be restricted to execute access or no permission.

If the JBoss folder is world readable or world writeable, this is a finding.
Fix Text (F-68219r1_fix)
Configure file permissions on the JBoss folder to protect from unauthorized access.