Hello,
I run JBoss 6.1 on my Linux server and unfortunately it appears to be getting compromised. I am putting plans in place to move to the latest versions of Wildfly, but need a way to secure JBoss 6.1 whilst this work is completed.
I thought I had secured JBoss by following various guides, but still I am seeing unusual activity. The hacker appears able to save files in the system tmp directories, execute scripts and remove files. A specific user runs the JBoss service, so I know for sure JBoss is the area that is being exploited.
This is what I have done to try and make JBoss secure thus far:
- Removed jmx-console.war
- Removed jmx-console-activator-jboss-beans.xml
- Removed jbossws-console.war
- Removed jbossws-console-activator-jboss-beans.xml
- Enabled security domain in jmx-jboss-beans.xml
- Updated jmx-console-users.properties
- Updated jmx-console-roles.properties
I'm clutching at straws as to what to do next, but my next plan is to remove twiddle.sh, twiddle.jar and twiddle.bat from the bin directory.
Is there anything obvious I am not doing that is leaving JBoss unsecure?
I really appreciate any thoughts and advice given on this.