Hello everyone,

I apologize if any of these questions are duplicates or answered elsewhere -- I have looked through the archives but not been able to find exactly what I am looking for.

What I am trying to find is a list of steps from a RHEL administrator's point of view to transition a wide-open JBoss server which is being used in a development environment to a secure server being used in production deployment. The things I am most concerned with are to disable the JBoss main homepage, disable any debug information, disable access to any web apps which we have not explicitly granted access to, etc.

I have found documentation for some parts, such as removing the jmx console, but I was curious if anyone had a collection of steps they commonly use to put JBoss into a secure mode. I am working on using mod_jk to go in front of tomcat for basic URL filtering and such, but even still it is not clear from the mod_jk documentation the optimal way to do this when security is the goal.

Again, I apologize if this is a really weak question, I just want to rule out the obvious before I dig deeper into all the configs on my own. I have pored through everything in the JBoss Security wiki, but a lot of that is from the code level and development perspective; what I am seeking is basically a straight-up RHEL JBoss hardening guide, or the closest possible analog.

Thank you very much,
katsu

--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list