TNS Best Practice Jetty 9 Linux

Audit Details

Name: TNS Best Practice Jetty 9 Linux

Updated: 4/25/2022

Authority: TNS

Plugin: Unix

Revision: 1.12

Estimated Item Count: 78

File Details

Filename: TNS_Best_Practices_Jetty_9_v1.0.0.audit

Size: 102 kB

MD5: cd13c10c244a859a2402051bfdfb9e00
SHA256: 179d3f2d7d1ac043668ae34de4250876eeb057aa6bbecb7cbe41acf40d4934db

Audit Changelog

 
Revision 1.12

Apr 25, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.11

Feb 1, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.10

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.9

Jul 14, 2020

Functional Update
  • 1 - Application specific logging
  • 12 - Restrict access to logs directory - mode
  • 12 - Restrict access to logs directory - owner
  • 13 - Restrict access to temp directory - mode
  • 13 - Restrict access to temp directory - owner
  • 14 - Restrict access to binaries directory - mode
  • 14 - Restrict access to binaries directory - owner
  • 15 - Restrict access to web application directory - mode
  • 15 - Restrict access to web application directory - owner
  • 16 - Restrict access to JETTY.policy - mode
  • 16 - Restrict access to JETTY.policy - owner
  • 17 - Restrict access to JETTY.properties - mode
  • 17 - Restrict access to JETTY.properties - owner
  • 18 - Restrict access to context.xml - mode
  • 18 - Restrict access to context.xml - owner
  • 19 - Restrict access to logging.properties - mode
  • 19 - Restrict access to logging.properties - owner
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG
  • 21 - Restrict access to users.xml - mode
  • 21 - Restrict access to users.xml - owner
  • 22 - Use secure Realms
  • 27 - Ensure SSLEnabled is set to True for Sensitive Connectors - SSLEnabled
  • 27 - Ensure SSLEnabled is set to True for Sensitive Connectors - SSLEngine
  • 3 - Configure log file size limit - Settings
  • 31 - Starting with Security Manager
  • 32 - Disabling auto deployment of applications
  • 33 - Disable deploy on startup of applications
  • 35 - Do not allow custom header status messages
  • 36 - Configure connectionTimeout
  • 37 - Configure maxHttpHeaderSize
  • 4 - Restrict access to $JETTY_HOME - mode
  • 4 - Restrict access to $JETTY_HOME - owner
  • 40 - Do not allow symbolic linking
  • 41 - Do not run applications as privileged
  • 42 - Do not allow cross context requests
  • 43 - Do not resolve hosts on logging valves - @[email protected]
  • 43 - Do not resolve hosts on logging valves - @[email protected]
  • 44 - Use Lockout Realms
  • 45 - Restrict runtime access to sensitive packages
  • 6 - Encryption
  • 7 - SSL implementation - start.ini --module=deploy
  • 7 - SSL implementation - start.ini --module=http
  • 7 - SSL implementation - start.ini --module=https
  • 7 - SSL implementation - start.ini --module=ssl
  • 7 - SSL implementation - start.jar --module=deploy
  • 7 - SSL implementation - start.jar --module=http
  • 7 - SSL implementation - start.jar --module=https
  • 7 - SSL implementation - start.jar --module=ssl
Informational Update
  • 12 - Restrict access to logs directory - mode
  • 12 - Restrict access to logs directory - owner
  • 13 - Restrict access to temp directory - mode
  • 13 - Restrict access to temp directory - owner
  • 14 - Restrict access to binaries directory - mode
  • 14 - Restrict access to binaries directory - owner
  • 15 - Restrict access to web application directory - mode
  • 15 - Restrict access to web application directory - owner
  • 16 - Restrict access to JETTY.policy - owner
  • 17 - Restrict access to JETTY.properties - mode
  • 17 - Restrict access to JETTY.properties - owner
  • 19 - Restrict access to logging.properties - mode
  • 19 - Restrict access to logging.properties - owner
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG
  • 21 - Restrict access to users.xml - mode
  • 21 - Restrict access to users.xml - owner
  • 22 - Use secure Realms
  • 25 - Disable Unused Connectors
  • 28 - Ensure scheme is set accurately
  • 29 - Ensure secure is set to true only for SSL-enabled Connectors
  • 30 - Ensure sslProtocol is set to TLS for Secure Connector
  • 31 - Starting with Security Manager
  • 32 - Disabling auto deployment of applications
  • 33 - Disable deploy on startup of applications
  • 34 - Ensure Web content directory is on a separate partition from the system files
  • 35 - Do not allow custom header status messages
  • 36 - Configure connectionTimeout
  • 37 - Configure maxHttpHeaderSize
  • 38 - Force SSL for all applications
  • 39 - Increase the entropy in session identifiers
  • 4 - Restrict access to $JETTY_HOME - mode
  • 4 - Restrict access to $JETTY_HOME - owner
  • 45 - Restrict runtime access to sensitive packages
  • 8 - Management IP - .htacess exists
Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Added
  • 20 - Restrict access to server.xml - mode
  • 20 - Restrict access to server.xml - owner
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/ROOT/admin
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/balancer
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/doc
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/examples
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/js-examples
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/servlet-example
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/webdav
Removed
  • 20 - Restrict access to @[email protected] - mode
  • 20 - Restrict access to @[email protected] - owner
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/ROOT/admin
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/balancer
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/doc
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/examples
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/js-examples
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/servlet-example
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/webdav
Revision 1.8

Apr 22, 2020

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.7

Feb 7, 2019

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.6

Dec 13, 2018

Miscellaneous
  • References updated.
Revision 1.5

Jul 24, 2018

Miscellaneous
  • Platform check updated.
  • References updated.
Added
  • TNS_Best_Practices_Jetty_9_v1.0.0.audit