Detections
Analytics
JBOS-AS-000475 - The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.Restricting non-privileged users also prevents an attacker who has gained access to a non-privileged account, from elevating privileges, creating accounts, and performing system checks and maintenance.
Solution
Run the following command.<JBOSS_HOME>/bin/jboss-cli.sh -c -> connect -> cd /core-service=management/access-authorization :write-attribute(name=provider, value=rbac)
Restart JBoss.
Map users to roles by running the following command. Upper-case words are variables.
role-mapping=ROLENAME/include=ALIAS:add(name-USERNAME, type=USER ROLE)
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_JBoss_EAP_6-3_V2R4_STIG.zip
Item Details
Audit Name: DISA RedHat JBoss EAP 6.3 STIG v2r4
References: CAT|II, CCI|CCI-002235, Rule-ID|SV-213539r955082_rule, STIG-ID|JBOS-AS-000475, STIG-Legacy|SV-76795, STIG-Legacy|V-62305, Vuln-ID|V-213539
Plugin: Unix
Control ID: 40d4263cfabd457df915196b7d08fb741095362959657f9068e5bab2ad40bc03