3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication - 'java:/jaas/jmx-console = true'

Information

The jmx-invoker-service.xml is a service that exposes the JMX MBeanServer interface via an RMI compatible interface using the RMI/JRMP detached invoker service. This interface must be made unavailable to unprivileged users which can be done by using the org.jboss.jmx.connector.invoker.AuthenticationInterceptor interceptor for performing identification and authentication using JAAS.

Solution

Open JBOSS_HOME/server/@[email protected]/deploy/jmx-invoker-service.xml, and ensure the <operation> element with child element <name>invoke</name> also contains the following <interceptor>:

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, 800-53|IA-3, CAT|I

Plugin: Unix

Control ID: 70bfd47cc965bca74984ffa6f2d73c70df6341612a961f9d5797948339e2a0de