TNS Best Practice Jetty 9 Linux

Audit Details

Name: TNS Best Practice Jetty 9 Linux

Updated: 4/25/2022

Authority: TNS

Plugin: Unix

Revision: 1.12

Estimated Item Count: 78

File Details

Filename: TNS_Best_Practices_Jetty_9_v1.0.0.audit

Size: 102 kB

MD5: cd13c10c244a859a2402051bfdfb9e00
SHA256: 179d3f2d7d1ac043668ae34de4250876eeb057aa6bbecb7cbe41acf40d4934db

Audit Items

DescriptionCategories
1 - Application specific logging
1 - Application specific logging - ${jetty.base}/start.ini --module=logging
1 - Application specific logging - start.jar --module=logging
2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO

AUDIT AND ACCOUNTABILITY

2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog

AUDIT AND ACCOUNTABILITY

2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG

AUDIT AND ACCOUNTABILITY

3 - Configure log file size limit - org.eclipse.jetty.server.handler.RequestLogHandler

AUDIT AND ACCOUNTABILITY

3 - Configure log file size limit - Settings

AUDIT AND ACCOUNTABILITY

4 - Restrict access to $JETTY_HOME - mode

ACCESS CONTROL

4 - Restrict access to $JETTY_HOME - owner

ACCESS CONTROL

5 - Authentication
6 - Encryption

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.ini --module=deploy

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.ini --module=http

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.ini --module=https

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.ini --module=ssl

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.jar --module=deploy

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.jar --module=http

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.jar --module=https

SYSTEM AND COMMUNICATIONS PROTECTION

7 - SSL implementation - start.jar --module=ssl

SYSTEM AND COMMUNICATIONS PROTECTION

8 - Management IP - .htacess exists

CONFIGURATION MANAGEMENT

8 - Management IP - review $jetty_home/contexts xml file
9 - Information Leakage
10 - Access Control - Security Realms
11 - Access Control - JAAS
12 - Restrict access to logs directory - mode

ACCESS CONTROL

12 - Restrict access to logs directory - owner

ACCESS CONTROL

13 - Restrict access to temp directory - mode

ACCESS CONTROL

13 - Restrict access to temp directory - owner

ACCESS CONTROL

14 - Restrict access to binaries directory - mode

ACCESS CONTROL

14 - Restrict access to binaries directory - owner

ACCESS CONTROL

15 - Restrict access to web application directory - mode

ACCESS CONTROL

15 - Restrict access to web application directory - owner

ACCESS CONTROL

16 - Restrict access to JETTY.policy - mode

ACCESS CONTROL

16 - Restrict access to JETTY.policy - owner

ACCESS CONTROL

17 - Restrict access to JETTY.properties - mode

ACCESS CONTROL

17 - Restrict access to JETTY.properties - owner

ACCESS CONTROL

18 - Restrict access to context.xml - mode

ACCESS CONTROL

18 - Restrict access to context.xml - owner

ACCESS CONTROL

19 - Restrict access to logging.properties - mode

ACCESS CONTROL

19 - Restrict access to logging.properties - owner

ACCESS CONTROL

20 - Restrict access to server.xml - mode

ACCESS CONTROL

20 - Restrict access to server.xml - owner

ACCESS CONTROL

21 - Restrict access to users.xml - mode

ACCESS CONTROL

21 - Restrict access to users.xml - owner

ACCESS CONTROL

22 - Use secure Realms

SYSTEM AND COMMUNICATIONS PROTECTION

23 - Strong password policy must be established
24 - Remove extraneous files and directories - $JETTY_BASE/webapps/balancer

CONFIGURATION MANAGEMENT

24 - Remove extraneous files and directories - $JETTY_BASE/webapps/doc

CONFIGURATION MANAGEMENT

24 - Remove extraneous files and directories - $JETTY_BASE/webapps/examples

CONFIGURATION MANAGEMENT