JBOS-AS-000275 - The JBoss server must be configured to use individual accounts and not generic or shared accounts.

Information

To assure individual accountability and prevent unauthorized access, application server users (and any processes acting on behalf of application server users) must be individually identified and authenticated.

A group authenticator is a generic account used by multiple individuals. Use of a group authenticator alone does not uniquely identify individual users.

Application servers must ensure that individual users are authenticated prior to authenticating via role or group authentication. This is to ensure that there is non-repudiation for actions taken.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the application server so required users are individually authenticated by creating individual user accounts. Utilize an LDAP server that is configured according to DOD policy.

Item Details

Audit Name: DISA JBoss Enterprise Application Platform 6.3 STIG v2r6

Category: IDENTIFICATION AND AUTHENTICATION

Plugin: Unix

Control ID: 56d3323d6bfbe0d8fbeb9e0e14e64ce2e0604b7ed74f4d29050e1c885fa40fe9

Detections

Analytics

JBOS-AS-000275 - The JBoss server must be configured to use individual accounts and not generic or shared accounts.

Information

Solution

See Also

Item Details