Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Remote access to JMX subsystem must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62269 | JBOS-AS-000240 | SV-76759r1_rule | Medium |
| Description |
|---|
| The JMX subsystem allows you to trigger JDK and application management operations remotely. In a managed domain configuration, the JMX subsystem is removed by default. For a standalone configuration, it is enabled by default and must be removed. |
| STIG | Date |
|---|---|
| JBoss EAP 6.3 Security Technical Implementation Guide | 2019-09-30 |
Details
| Check Text ( C-63073r1_chk ) |
|---|
| Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. For a Managed Domain configuration, you must check each profile name: For each PROFILE NAME, run the command: "ls /profile= For a Standalone configuration: "ls /subsystem=jmx/remoting-connector" If "jmx" is returned, this is a finding. |
| Fix Text (F-68189r1_fix) |
|---|
| Log on to the OS of the JBoss server with OS permissions that allow access to JBoss. Using the relevant OS commands and syntax, cd to the Run the jboss-cli script to start the Command Line Interface (CLI). Connect to the server and authenticate. For a Managed Domain configuration you must check each profile name: For each PROFILE NAME, run the command: "/profile= For a Standalone configuration: "/subsystem=jmx/remoting-connector=jmx:remove" |