3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true'

Information

The JMX Console application must be secured so it is accessible by trusted administrators only. If this condition is not met, the application must be removed (deleted) from deployment.

Solution

First, ensure that an <application-policy> element is defined that requires authentication. Default policies exist for jmx-console and web-console. Example of a satisfactory element:

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|I

Plugin: Unix

Control ID: fc84b792bf4a801f49a78cdf81b85c1deb277975039b58e4d789174dd8afb409