EAP7.0.0_HowToConfigureServerSecurity.pdf


attribute(name=assign-groups,value=true)

Red Hat JBoss Enterprise Application Platform 7.0 How To Configure Server Security

CHAPTER 2. SECURING THE SERVER AND ITS INTERFACES

2.2.12. Silent Authentication

The default installation of JBoss EAP contains a method of silent authentication for a local management CLI user. This allows a local user to access the management CLI without username or password authentication. This functionality is enabled as a convenience, and to assist local users running management CLI scripts without requiring authentication. It is considered a useful feature given that access to the local configuration typically also gives the user the ability to add their own user details or otherwise disable security checks.

The convenience of silent authentication for local users can be disabled where greater security control is required. This can be achieved by removing the local element within the security-realm section of the configuration file. This applies to both standalone instances and domains.

Important

The removal of the local element should only be done if the impact on the JBoss EAP instance and its configuration is fully understood.

To remove silent authentication from a realm:

    /core-service=management/security-realm=REALM_NAME/authentication=local:remove

2.3. SECURITY AUDITING

Security auditing refers to triggering events, such as writing to a log, in response to an event that happens within the security subsystem or the management interfaces. Auditing mechanisms are configured as part of a security domain or management interface. Auditing uses provider modules. Both the included provider modules and custom implementations may be used.

2.3.1. Configure Security Auditing for Security Domains

To configure security auditing settings for a security domain, the following steps must be performed from the management console:

1. Open the security domain’s detailed view.
2. Navigate to the Auditing subsystem configuration.
3. Add a provider module.
4. Verify the module is working.
5. Optional: Add, edit, or remove module options.

1. Open the security domain’s detailed view.

   Click Configuration at the top of the screen. In a managed domain, select a profile to modify from the Profile selection box at the top left. Click on Subsystems, then Security. Click on the security domain to edit and click View.

2. Navigate to the Auditing subsystem configuration.

   Click on Audit at the left side of the screen. The configuration area is divided into two areas: Provider Modules and Details. The provider module is the basic unit of configuration. A security domain can include several provider modules, each of which can include attributes and options.

3. Add a provider module.

   Click Add and fill in the Code section with the classname of the provider module. Also fill in the Name section with the desired name.
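
An added example (not part of the Red Hat guide) for section 2.2.12: a Python check that parses a configuration file, lists the security realms whose authentication section still carries the local element, and builds the removal command shown above for each one. The embedded XML is a constructed sample, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling the <management> part of a standalone.xml.
SAMPLE_CONFIG = """\
<server xmlns="urn:jboss:domain:4.1">
  <management>
    <security-realms>
      <security-realm name="ManagementRealm">
        <authentication>
          <local default-user="$local" skip-group-loading="true"/>
          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
      </security-realm>
      <security-realm name="HardenedRealm">
        <authentication>
          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
      </security-realm>
    </security-realms>
  </management>
</server>
"""

def local_name(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def realms_with_silent_auth(config_xml):
    """Return names of security realms whose <authentication> has a <local> child."""
    root = ET.fromstring(config_xml)
    flagged = []
    for realm in root.iter():
        if local_name(realm.tag) != "security-realm":
            continue
        for auth in realm:
            if local_name(auth.tag) != "authentication":
                continue
            if any(local_name(child.tag) == "local" for child in auth):
                flagged.append(realm.get("name"))
    return flagged

def removal_commands(config_xml):
    """Build the management CLI command from section 2.2.12 for each flagged realm."""
    return [f"/core-service=management/security-realm={name}/authentication=local:remove"
            for name in realms_with_silent_auth(config_xml)]

if __name__ == "__main__":
    for command in removal_commands(SAMPLE_CONFIG):
        print(command)
```

To audit a real installation, pass the text of its configuration file to `removal_commands` in place of the sample, and review each printed command against the Important note above before running it.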