1 Reply Latest reply on May 30, 2014 10:00 AM by ctomc

    JBoss Security hardening guides for AS, WildFly8, EAP ?

    j4zz
    j4zz May 30, 2014 9:34 AM

      Are there any resources about security hardening of AS/WildFly8 and EAP 6 similar to this page:
      Hardening Guidelines - JBoss AS 7.2 - Project Documentation Editor

       

      1. Are AS 7.1, 7.2 similar enough to WildFly8 and EAP 6 for that guide to be applicable to all of them ?

       

      2. How much different in terms of directory structure, config files structure are AS, WildFly and EAP ? Would Security Guides for EAP 5,6 still apply to AS/WildFly ?

       

       

      Stuff I dag out so far:

       

      JBoss Hardening Security Guides:

      JBoss EAP 5:


      https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/5/pdf/Security_Guide/JBoss_Enterprise_Application_Platform-5-Security_Guide-en-US.pdf

      Looks like the same document but in HTML format:

      https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/index.html

      Nessus for EAP 5:
      https://discussions.nessus.org/thread/5914

       

       

      JBoss EAP 6:

      https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/pdf/Security_Guide/JBoss_Enterprise_Application_Platform-6.1-Security_Guide-en-US.pdf

      https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/Security_Guide/index.html

       

      JBoss AS 7:

       

      http://blog.csnc.ch/2012/02/jboss-7-1-web-server-hardening/

       

       

      https://community.jboss.org/wiki/SecureJBoss

       

       

      A bunch of semi useful links from serverfault:

       

      http://serverfault.com/questions/131677/steps-to-hardening-jboss-for-production-use-on-windows

        • 1. Re: JBoss Security hardening guides for AS, WildFly8, EAP ?
          ctomc
          ctomc May 30, 2014 10:00 AM (in response to j4zz)

          B C wrote:


          1. Are AS 7.1, 7.2 similar enough to WildFly8 and EAP 6 for that guide to be applicable to all of them ?

          Yes

           

          2. How much different in terms of directory structure, config files structure are AS, WildFly and EAP ? Would Security Guides for EAP 5,6 still apply to AS/WildFly ?

          AS7/WildFly8/EAP6 all share same directory structure, for 7.2/EAP6.1 there ware some changes in modules directory, but old layout still works.

           

          guides for EAP5 would not be applicable, at least when it comes to server configuration.

           

          Only big change in WildFly8 is that there is that web subsystem was replaced with undertow subsystem. And it has different configuration as such, but still offers same functionality.

            • Actions