5 Replies Latest reply on Dec 10, 2013 6:28 PM by lifeonatrip

Hardening Guide for JBoss AS 7 - PCI DSS and similar

lifeonatrip Oct 28, 2013 8:34 PM

Hi all,

I just have done a DRAFT for a hardening guide intended for JBoss AS 7.2 standalone.

The guide is intended for people who need to pass audit for security standards like PCI DSS lv1 or similar and unfortunately, at this stage, is not a general purpose guide because is tailored on my personal use case, but I think can be a good start to get a good community version of a security standard guide.

I would like to make something similar to a STIG but focused on JBoss 7.2 and onwards.

If you guys think that something like that is useful I'll publish the first draft and we can edit according to people's suggestions.

Please let me know what think about this idea.

- Lifeonatrip

1. Re: Hardening Guide for JBoss AS 7 - PCI DSS and similar

ctomc Oct 29, 2013 8:43 AM (in response to lifeonatrip)

Hey,

Article as such would very much be useful if you can share it

you can add it to wiki pages JBoss AS 7 or under Documentation - JBoss AS 7.2 - Project Documentation Editor

contribution like this would be very useful for many people I think.

tnx,
tomaz
Actions
2. Re: Hardening Guide for JBoss AS 7 - PCI DSS and similar

cboice Oct 29, 2013 11:43 AM (in response to lifeonatrip)

Hey there,

I'm in the process of hardening JBOSS for PCI-DSS right now, and would be VERY interested in reading this. Could you PM me a link to the document?

Thanks,

Charles
Actions
3. Re: Hardening Guide for JBoss AS 7 - PCI DSS and similar

lifeonatrip Oct 30, 2013 8:17 PM (in response to cboice)

Yes I'll definitely share it, I am using some spare time to refine it and then I'll share the guide with everyone, but keep in mind that is very tailored on my use case.

I will add this to the wiki pages when it looks good.

Thanks for the interest guys

- Lifeonatrip
Actions
4. Re: Hardening Guide for JBoss AS 7 - PCI DSS and similar

lifeonatrip Dec 10, 2013 5:47 PM (in response to lifeonatrip)

Hi all,

sorry for the extreme delay on this, I've been quite busy these days.

I just started dumping the hardening guidelines in confluence Hardening Guidelines - JBoss AS 7.2 - Project Documentation Editor
Please remember that it's just a draft and it's probably not 100% correct. Be patient with me it's my first contribution to this project.

Anyway, please amend, correct and improve it as you wish to do. I'll keep adding content as I have time to do so.

-- lifeonatrip
Actions
5. Re: Hardening Guide for JBoss AS 7 - PCI DSS and similar

lifeonatrip Dec 10, 2013 6:28 PM (in response to ctomc)

Hi Tomaz,

Is there a way to share a confluence page only to a few people?
I don't want everyone to see the draft before completed

-- lifeonatrip
Actions

Go to original post