JBoss Hardening -Password Protection for JMX Console and Web Console.

book

Article ID: 51246

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Description:

On the root JBoss server page, the jmx-console and the Web Console are accessible to anyone on the network. These pages often contain content that administrators wish to keep from regular users. JBoss includes the ability to secure these pages by enabling the built-in security-constraint.

Solution:

  1. Stop JBoss.
  2. Edit server/default/deploy/jmx-console.war/WEB-INF/web.xml and uncomment the security-constraint section so it looks like the following:


<Please see attached file for image>

Figure 1

  • Edit server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml and uncomment the following line:
  • <Please see attached file for image>

    Figure 2

  • Edit server/default/conf/props/jmx-console-roles.properties.
    This file defines the roles of each user. By default, the above section defines the JBossAdmin role as an accessor to the JMX console.
    This file is formatted like the following:
  • <Please see attached file for image>

    Figure 3

  • Edit server/default/conf/props/jmx-console-users.properties.
    This file defines the users and passwords.
    This file is formatted like the following:
  • <Please see attached file for image>

    Figure 4

  • In server/default/conf/props/, create copies of jmx-console-users.properties and jmx-console-roles.properties and rename them web-console-users.properties and web-console-roles.properties respectively.
  • Navigate to server/default/deploymanagement/console-mgr.sar/web-console.war/WEB-INF and repeat steps 2 and 3 for jboss-web.xml and web.xml.
  • Edit server/default/conf/login-config.xml Locate the following lines and add "props/" before the web-console-*.properties filenames:


<Please see attached file for image>

Figure 5

  • When modifying usernames and passwords, be sure to edit both files for either console:

    • JMX Console: server/default/conf/props/jmx-console-users.properties and jmx-console-roles.properties.
    • Web Console: server/default/conf/props/web-console-users.properties and web-console-roles.properties.


  • Restart JBoss and navigate to the JMX/Web Consoles. Verify that authentication is working.

Environment

Release: ACP1M005900-12.5-Privileged Identity Manager
Component:

Attachments

1558695170913000051246_sktwi1f5rjvs16mxe.gif get_app
1558695169192000051246_sktwi1f5rjvs16mxd.gif get_app
1558695167322000051246_sktwi1f5rjvs16mxc.gif get_app
1558695165529000051246_sktwi1f5rjvs16mxb.gif get_app
1558695162651000051246_sktwi1f5rjvs16mxa.gif get_app