How to: Hardening & Securing JBoss 6x

Secure (Web) Admin-Console/JMX-Console

Follow the steps here: https://community.jboss.org/wiki/SecureTheJmxConsole

Summary of the steps (There are no separate steps for Admin-Console securing, same security constraints applies to it automatically):

  • <JBOSS_HOME>/common/deploy/jmx-console.war/WEB-INF/

              web.xml & jboss-web.xml: Uncomment the Security Constraint Block.

  • <JBOSS_HOME>/server/PROFILE/conf/props

             jmx-console-users.properties: Change password here.

Remove Unnecessary Services

You may want to remove: JMS, JUDDI, Key Generator

Follow the steps here: https://community.jboss.org/wiki/JBoss6xTuningSlimming

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: