JBoss secure deployment guides? notes you care to share? :)

Hello everyone,

I apologize if any of these questions are duplicates or answered elsewhere
-- I have looked through the archives but not been able to find exactly what
I am looking for.

What I am trying to find is a list of steps from a RHEL administrator's
point of view to transition a wide-open JBoss server which is being used in
a development environment to a secure server being used in production
deployment.

The things I am most concerned with are to disable the JBoss main homepage,
disable any debug information, disable access to any web apps which we have
not explicitly granted access to, etc. I have found documentation for some
parts, such as removing the jmx console, but I was curious if anyone had a
collection of steps they commonly use to put JBoss into a secure mode.

I am working on using mod_jk to go in front of tomcat for basic URL
filtering and such, but even still it is not clear from the mod_jk
documentation the optimal way to do this when security is the goal.

Again, I apologize if this is a really weak question, I just want to rule
out the obvious before I dig deeper into all the configs on my own. I have
pored through everything in the JBoss Security wiki, but a lot of that is
from the code level and development perspective; what I am seeking is
basically a straight up RHEL JBoss hardening guide, or the closest possible
analog.

Thank you very much,

katsu