Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1 JBoss Enterprise Application Platform should be a vendor supported version | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 1.1/1.2 - JBoss Enterprise Application Platform/Ensure Java Runtime Environment in use is a supported version | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 1.006-01 - Policy must require that administrative user accounts not be used with applications that access the internet. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 1.23 snmp-adaptor.sar must not be deployed - 'JBOSS_HOME/server/@[email protected]/deploy/snmp-adaptor.sar' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' - jmx-console.war | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Ensure Web Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Ensure Web Console is either secured or removed - 'JBOSS_HOME/server/@[email protected]/deploy/admin-console.war' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Ensure Admin Console is either secured or removed | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.3 Ensure Admin Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.3 Ensure Admin Console is either secured or removed - 'JBOSS_HOME/server/@[email protected]/deploy/management' | Redhat JBoss EAP 5.x | Unix | CONFIGURATION MANAGEMENT |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,'POST' = false' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks - 'http-method,GET = false' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.5 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 3.5 JMXInvokerServlet servlet configuration - 'rolesProperties = props/jmx-console-roles.properties' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.5 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.6 JMXInvokerServlet configuration - 'org.jboss.jmx.connector.invoker.RolesAuthorization = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.6 JMXInvokerServlet configuration - 'usersProperties = props/jmx-console-users.properties' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 3.6 The JMXInvokerServlet servlet must be configured to prevent unprivileged access using authentication | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| DG0001-ORACLE11 - Vendor supported software is evaluated and patched against newly found vulnerabilities. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND INFORMATION INTEGRITY |
| NET0230 - Network element is not password protected. | DISA STIG Cisco L2 Switch V8R27 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0240 - Devices exist with standard default passwords. | DISA STIG Cisco L2 Switch V8R27 | Cisco | |
| NET0460 - Group accounts are defined. | DISA STIG Cisco L2 Switch V8R27 | Cisco | |
| NET1623 - Authentication required for console access - 'AUX port no exec' | DISA STIG Cisco L2 Switch V8R27 | Cisco | CONFIGURATION MANAGEMENT |
| NET1623 - Authentication required for console access - 'CON port (login authentication AUTH_LIST)' | DISA STIG Cisco L2 Switch V8R27 | Cisco | ACCESS CONTROL |
| NET1636 - Management connections must require passwords - 'VTY port (login authentication AUTH_LIST)' | DISA STIG Cisco L2 Switch V8R27 | Cisco | ACCESS CONTROL |
| NET1665 - Using default SNMP community names - 'Community set to Public or Private' | DISA STIG Cisco L2 Switch V8R27 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - '.HTR scripting Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Index Server Web Interface Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI092 IIS6 - The IIS web site permissions 'Write' or 'Script Source' must not be selected. - 'Script Source permission check' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI092 IIS6 - The IIS web site permissions 'Write' or 'Script Source' must not be selected. - 'Write permission check' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI6040 IIS6 - A unique non-privileged account must be used to run Worker Process Identities. - 'AppPoolIdentityType = 3 - WAMUserName' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - +Includes | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - Options None | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA155 W22 - Classified web servers will be afforded physical security commensurate with the classification of its content. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG190 A22 - Web server software must be a vendor-supported version. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WG235 A22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | |
| WG235 A22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| WG235 IIS6 - Web Administrators must secure encrypted connections for Document Root directory uploads. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | |
| WG235 W22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| WG360 A22 - Symbolic links must not be used in the web content directory tree - conf | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG360 A22 - Symbolic links must not be used in the web content directory tree - find | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG360 A22 - Symbolic links must not be used in the web content directory tree - find | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG385 A22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'test-cgi' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |