
2.5. Configuration Requirements

The following sections describe the modifications to make to the production server configuration to comply with CC requirements. Before making the changes shown in the following subsections, it is recommended that you back up the production configuration.
Backing up the production configuration involves making a copy of the JBOSS_HOME/server/production directory. If you are using Microsoft Windows you can use Windows Explorer to make a copy of this folder using copy-paste and rename the copy to production.backup.
Under UNIX or Linux you can execute the command:
cp -pr JBOSS_HOME/server/production JBOSS_HOME/server/production.backup
In an emergency you can always retrieve the original files from the installation files.

2.5.1. General Restrictions

The following general restrictions apply when setting up a certified configuration.
JBossWS
The WS CXF and WS Native stacks are allowed. The WS Metro stack is not allowed in the evaluated configuration.
Management Consoles
The following deployed applications must be secured so they are accessible by trusted administrators only. The applications must be removed from the certified configuration if this condition is not met.
  • JMX Console (jmx-console.war)
    Location: jboss-as/server/production/deploy/jmx-console.war/
  • Web Console (web-console.war)
    Location: jboss-as/server/production/deploy/management/
  • Administration Console (admin-console.war)
    Location: jboss-as/server/production/deploy/admin-console.war/
If you do not intend to use one or more of the management consoles, delete the entire directory related to each. Doing this guarantees that unauthorized users will not be able to access your system through an unused and potentially unsecured management console.
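One way to confirm which of the three consoles listed above are still present in a server profile, as an added example that is not part of the Red Hat guide. The function name audit_consoles and its exit codes are assumptions made for this example; the directory names are the ones given in the list above, and the profile directory (for example JBOSS_HOME/server/production) is passed as the argument.

```sh
#!/bin/sh
# Added example (not from the Red Hat guide): report which management
# consoles are still present under PROFILE_DIR/deploy.
# Usage: sh audit_consoles.sh JBOSS_HOME/server/production

# Console name | path relative to PROFILE_DIR/deploy, as listed in 2.5.1.
CONSOLES='JMX Console|jmx-console.war
Web Console|management
Administration Console|admin-console.war'

# audit_consoles PROFILE_DIR
# Prints one line per console.
# Returns 0 if none are present, 1 if at least one is, 2 on a bad path.
audit_consoles() {
    deploy="$1/deploy"
    if [ ! -d "$deploy" ]; then
        echo "ERROR: $deploy is not a directory" >&2
        return 2
    fi
    found=0
    # The here-document keeps the loop in the current shell, so the
    # value of found is still set after the loop ends.
    while IFS='|' read -r name rel; do
        path="$deploy/$rel"
        # -e covers exploded directories and packaged archives;
        # -L also catches a symlink whose target is missing.
        if [ -e "$path" ] || [ -L "$path" ]; then
            echo "DEPLOYED  $name  ($path)"
            found=1
        else
            echo "removed   $name"
        fi
    done <<EOF
$CONSOLES
EOF
    return "$found"
}

# Run the audit only when a profile directory is given on the command line.
[ "$#" -eq 0 ] || audit_consoles "$1"
```

Every console reported as DEPLOYED must either be secured for trusted administrators only or have its directory deleted.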