Revision 1.23Jun 9, 2021
Informational Update
- 1.17 The allRolesMode must be configured to 'strict' - 'allRolesMode = strict'
- 2.25 Ensure Configure SecurityInterceptor logging level is set correctly - 'org.jboss.ejb.plugins.SecurityInterceptor = true'
- 2.29 Production applications should not log output to the JBoss console - 'JBoss console output log = false'
- 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true'
- 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' - jmx-console.war
- 3.4 The JMXInvokerServlet servlet must be secured against web attacks
- 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,'POST' = false'
- 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,GET = false'
- 3.5 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties'
- 3.5 JMXInvokerServlet servlet configuration - 'rolesProperties = props/jmx-console-roles.properties'
- 3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication - 'java:/jaas/jmx-console = true'
- 3.6 JMXInvokerServlet configuration - 'org.jboss.jmx.connector.invoker.RolesAuthorization = true'
- 3.6 JMXInvokerServlet configuration - 'rolesProperties = props/jmx-console-roles.properties'
- 3.6 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties'
Added
- 2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = \%d \%-5p \\[\%c\\] \\(\%t:\%x\\) \%m\%n'
Removed
- 2.28 Ensure all required information is displayed in <layout> - 'ConversionPattern = \%d \%-5p \\[\%c\\] \\(\%t:\%x\\) \%m\%n'
