Detections
Analytics

TNS Best Practice Jetty 9 Linux

Audit Details

Name: TNS Best Practice Jetty 9 Linux

Updated: 6/17/2024

Authority: TNS

Plugin: Unix

Revision: 1.17

Estimated Item Count: 78

File Details

Filename: TNS_Best_Practices_Jetty_9_v1.0.0.audit

Size: 104 kB

MD5: a7e1691069bf16b4f018421c32cbc867
SHA256: 6876540e01a4ab8cb0345089c375c7f44f2f715c8d513d14823737c1087bde95

Audit Changelog

 
Revision 1.17

Jun 17, 2024

Miscellaneous
  • Metadata updated.
Revision 1.16

Dec 22, 2023

Miscellaneous
  • References updated.
Revision 1.15

Apr 12, 2023

Miscellaneous
  • Metadata updated.
Revision 1.14

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
  • Variables updated.
Revision 1.13

Dec 7, 2022

Functional Update
  • 45 - Restrict runtime access to sensitive packages
Added
  • 43 - Do not resolve hosts on logging valves - CONTEXT_XML
  • 43 - Do not resolve hosts on logging valves - SERVER_XML
Removed
  • 43 - Do not resolve hosts on logging valves - @CONTEXT_XML@
  • 43 - Do not resolve hosts on logging valves - @SERVER_XML@
Revision 1.12

Apr 25, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.11

Feb 1, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.10

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.9

Jul 14, 2020

Functional Update
  • 1 - Application specific logging
  • 12 - Restrict access to logs directory - mode
  • 12 - Restrict access to logs directory - owner
  • 13 - Restrict access to temp directory - mode
  • 13 - Restrict access to temp directory - owner
  • 14 - Restrict access to binaries directory - mode
  • 14 - Restrict access to binaries directory - owner
  • 15 - Restrict access to web application directory - mode
  • 15 - Restrict access to web application directory - owner
  • 16 - Restrict access to JETTY.policy - mode
  • 16 - Restrict access to JETTY.policy - owner
  • 17 - Restrict access to JETTY.properties - mode
  • 17 - Restrict access to JETTY.properties - owner
  • 18 - Restrict access to context.xml - mode
  • 18 - Restrict access to context.xml - owner
  • 19 - Restrict access to logging.properties - mode
  • 19 - Restrict access to logging.properties - owner
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG
  • 21 - Restrict access to users.xml - mode
  • 21 - Restrict access to users.xml - owner
  • 22 - Use secure Realms
  • 27 - Ensure SSLEnabled is set to True for Sensitive Connectors - SSLEnabled
  • 27 - Ensure SSLEnabled is set to True for Sensitive Connectors - SSLEngine
  • 3 - Configure log file size limit - Settings
  • 31 - Starting with Security Manager
  • 32 - Disabling auto deployment of applications
  • 33 - Disable deploy on startup of applications
  • 35 - Do not allow custom header status messages
  • 36 - Configure connectionTimeout
  • 37 - Configure maxHttpHeaderSize
  • 4 - Restrict access to $JETTY_HOME - mode
  • 4 - Restrict access to $JETTY_HOME - owner
  • 40 - Do not allow symbolic linking
  • 41 - Do not run applications as privileged
  • 42 - Do not allow cross context requests
  • 43 - Do not resolve hosts on logging valves - @CONTEXT_XML@
  • 43 - Do not resolve hosts on logging valves - @SERVER_XML@
  • 44 - Use Lockout Realms
  • 45 - Restrict runtime access to sensitive packages
  • 6 - Encryption
  • 7 - SSL implementation - start.ini --module=deploy
  • 7 - SSL implementation - start.ini --module=http
  • 7 - SSL implementation - start.ini --module=https
  • 7 - SSL implementation - start.ini --module=ssl
  • 7 - SSL implementation - start.jar --module=deploy
  • 7 - SSL implementation - start.jar --module=http
  • 7 - SSL implementation - start.jar --module=https
  • 7 - SSL implementation - start.jar --module=ssl
Informational Update
  • 12 - Restrict access to logs directory - mode
  • 12 - Restrict access to logs directory - owner
  • 13 - Restrict access to temp directory - mode
  • 13 - Restrict access to temp directory - owner
  • 14 - Restrict access to binaries directory - mode
  • 14 - Restrict access to binaries directory - owner
  • 15 - Restrict access to web application directory - mode
  • 15 - Restrict access to web application directory - owner
  • 16 - Restrict access to JETTY.policy - owner
  • 17 - Restrict access to JETTY.properties - mode
  • 17 - Restrict access to JETTY.properties - owner
  • 19 - Restrict access to logging.properties - mode
  • 19 - Restrict access to logging.properties - owner
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog
  • 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG
  • 21 - Restrict access to users.xml - mode
  • 21 - Restrict access to users.xml - owner
  • 22 - Use secure Realms
  • 25 - Disable Unused Connectors
  • 28 - Ensure scheme is set accurately
  • 29 - Ensure secure is set to true only for SSL-enabled Connectors
  • 30 - Ensure sslProtocol is set to TLS for Secure Connector
  • 31 - Starting with Security Manager
  • 32 - Disabling auto deployment of applications
  • 33 - Disable deploy on startup of applications
  • 34 - Ensure Web content directory is on a separate partition from the system files
  • 35 - Do not allow custom header status messages
  • 36 - Configure connectionTimeout
  • 37 - Configure maxHttpHeaderSize
  • 38 - Force SSL for all applications
  • 39 - Increase the entropy in session identifiers
  • 4 - Restrict access to $JETTY_HOME - mode
  • 4 - Restrict access to $JETTY_HOME - owner
  • 45 - Restrict runtime access to sensitive packages
  • 8 - Management IP - .htacess exists
Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Added
  • 20 - Restrict access to server.xml - mode
  • 20 - Restrict access to server.xml - owner
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/ROOT/admin
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/balancer
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/doc
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/examples
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/js-examples
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/servlet-example
  • 24 - Remove extraneous files and directories - $JETTY_BASE/webapps/webdav
Removed
  • 20 - Restrict access to @SERVER_XML@ - mode
  • 20 - Restrict access to @SERVER_XML@ - owner
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/ROOT/admin
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/balancer
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/doc
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/examples
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/js-examples
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/servlet-example
  • 24 - Remove extraneous files and directories - $JETTY_HOME/webapps/webdav
Revision 1.8

Apr 22, 2020

Miscellaneous
  • Metadata updated.
  • References updated.