how to harden jboss server
Hi Techrunnr subscribers, this document deals with how to harden a JBoss server.
JBoss Application Server (JBoss AS) is an open-source, cross-platform Java application server developed by JBoss, a division of Red Hat Inc. It is an open-source implementation of Java 2 Enterprise Edition (J2EE) used to run Java applications and other web-based applications and services.
1. Disable the default JBoss 7 welcome page
Remove the default JBoss welcome page. Leaving it in place tells an attacker which application server (and usually which version) is running, which is the first step in targeting the application and its infrastructure.
2. Secure the JBoss JMX console
Do not expose the JMX console or the JMX port to the outside world. JMX gives an attacker detailed information about the JBoss server and, because it is also the monitoring and management interface, a way to control it. Restrict it to trusted hosts and require authentication.
3. Run JBoss as a user other than root
It is always recommended to run JBoss under a dedicated, less privileged user, so that a compromise of the application server does not hand over the whole host.
4. Do not open the debug port to the public
Opening the debug port (JDWP) to the public lets an attacker attach a debugger and inspect, or control, the running application. Enable it only when needed and bind it to localhost.
5. Enable only HTTPS and disable HTTP
Always prefer HTTPS over HTTP: HTTPS is secured with a certificate (public and private key), so traffic cannot be read or tampered with in transit. Once the HTTPS connector works, disable the plain HTTP connector rather than running both.
6. Do not expose the management port to the public
Do not expose the web-based management console or the native management port to the public. An attacker who reaches the management port can reconfigure the server, deploy code and disrupt your application. Bind the management interface to localhost or to a dedicated management network.
7. Disable the display of source fragments
Always disable the display of source fragments. When a JSP fails, the error page otherwise includes the offending lines of source code, which leaks application internals to whoever triggered the error.
8. Remove the X-Powered-By HTTP header
Remove the X-Powered-By header, which reveals the server software and the services used.
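The items above are one hardening procedure, so here is a single worked check that covers them. It is an added example, not Techrunnr's or the JBoss project's code: it parses a constructed standalone.xml and standalone.conf in the JBoss AS 7 / EAP 6 layout, reports each weak setting, and rewrites the ones that can be fixed by editing attributes. The element and attribute names (enable-welcome-root, x-powered-by and display-source-fragment in the web subsystem, remoting-connector in the jmx subsystem, the management interface binding, and the JPDA line in standalone.conf) follow the AS 7 configuration format; treat them as an assumption and verify against your own files. The sample files, the helper names (_find_all, _resolve) and the finding texts are made up for the example.

```python
"""Audit a JBoss AS 7 / EAP 6 standalone.xml and standalone.conf for the weak settings
listed above and apply the attribute-level fixes.  Added example, not Techrunnr's or JBoss's code."""
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the AS 7.1 standalone.xml layout (assumption): welcome page on,
# JMX remoting connector on, plain HTTP only, management bound to 0.0.0.0, JSP leaks enabled.
WEAK_STANDALONE_XML = """<server xmlns="urn:jboss:domain:1.2">
  <profile>
    <subsystem xmlns="urn:jboss:domain:jmx:1.1">
      <remoting-connector/>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
      <configuration>
        <jsp-configuration x-powered-by="true" display-source-fragment="true"/>
      </configuration>
      <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
      <virtual-server name="default-host" enable-welcome-root="true"/>
    </subsystem>
  </profile>
  <interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:0.0.0.0}"/>
    </interface>
  </interfaces>
</server>"""
# Constructed standalone.conf fragment with the JPDA debug line uncommented.
WEAK_STANDALONE_CONF = """JAVA_OPTS="-Xms64m -Xmx512m"
JAVA_OPTS="$JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"
"""
LOOPBACK = ("127.0.0.1", "::1", "localhost")

def _find_all(root, name):  # match on local name, ignoring the per-subsystem XML namespace
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def _resolve(value):  # '${jboss.bind.address:127.0.0.1}' -> its default, '127.0.0.1'
    m = re.fullmatch(r"\$\{[^:}]+:([^}]*)\}", value or "")
    return m.group(1) if m else value

def audit_standalone_xml(xml_text):
    """Return one finding string per weak setting in standalone.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for vs in _find_all(root, "virtual-server"):
        if vs.get("enable-welcome-root", "true") == "true":  # AS 7 default is true (assumption)
            findings.append("welcome root enabled on virtual-server %s" % vs.get("name"))
    if _find_all(root, "remoting-connector"):
        findings.append("JMX remoting connector enabled (JMX reachable over the management port)")
    mgmt = [i for i in _find_all(root, "interface") if i.get("name") == "management"]
    addrs = [_resolve(a.get("value")) for i in mgmt for a in _find_all(i, "inet-address")]
    if any(_find_all(i, "any-address") for i in mgmt) or any(a not in LOOPBACK for a in addrs):
        findings.append("management interface not bound to loopback: %s" % (addrs or "any-address"))
    connectors = _find_all(root, "connector")
    for c in connectors:
        if c.get("scheme", "http") == "http":
            findings.append("plaintext HTTP connector %s enabled" % c.get("name"))
    if not any(c.get("scheme") == "https" for c in connectors):
        findings.append("no HTTPS connector configured")
    for jsp in _find_all(root, "jsp-configuration"):  # both attributes default to true (assumption)
        if jsp.get("x-powered-by", "true") == "true":
            findings.append("JSP X-Powered-By header enabled")
        if jsp.get("display-source-fragment", "true") == "true":
            findings.append("JSP display-source-fragment enabled (error pages leak source)")
    return findings

def audit_standalone_conf(conf_text):
    """Flag a JDWP agent in JAVA_OPTS whose listen address is not restricted to loopback."""
    findings = []
    for line in conf_text.splitlines():
        line = line.strip()
        m = re.search(r"""(?:-agentlib:jdwp|-Xrunjdwp)[^\s"']*address=([^\s,"']+)""", line)
        if line.startswith("#") or not m:
            continue
        addr = m.group(1)
        host = addr.rsplit(":", 1)[0] if ":" in addr else ""
        if host in ("", "*", "0.0.0.0"):  # bare port (JDK 8 and older), '*' or 0.0.0.0 = every interface
            findings.append("JDWP debug agent reachable from any interface (address=%s)" % addr)
    return findings

def harden_standalone_xml(xml_text):
    """Apply the fixes that need no extra material; the HTTPS connector still needs a keystore."""
    root = ET.fromstring(xml_text)
    for vs in _find_all(root, "virtual-server"):
        vs.set("enable-welcome-root", "false")
    for jsp in _find_all(root, "jsp-configuration"):
        jsp.set("x-powered-by", "false")
        jsp.set("display-source-fragment", "false")
    for parent in list(root.iter()):  # drop the JMX remoting connector and every plain-HTTP connector
        for child in list(parent):
            name = child.tag.rsplit("}", 1)[-1]
            if name == "remoting-connector" or (name == "connector" and child.get("scheme", "http") == "http"):
                parent.remove(child)
    for iface in _find_all(root, "interface"):  # pin management to loopback (assumes inet-address form)
        if iface.get("name") == "management":
            for a in _find_all(iface, "inet-address"):
                a.set("value", "127.0.0.1")
    return ET.tostring(root, encoding="unicode")
```

Feed audit_standalone_xml the contents of your own standalone.xml and audit_standalone_conf the contents of standalone.conf. harden_standalone_xml returns the rewritten XML; on the sample the only finding left afterwards is the missing HTTPS connector, which needs a keystore and certificate and so is deliberately not generated by the script. Running JBoss as a non-root user (item 3) is an OS-level setting and is outside what a configuration check can see.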
© 2018, Techrunnr. All rights reserved.