How to secure JBoss application server using SELinux

Posted by Jakub Elias on Server Fault See other posts from Server Fault or by Jakub Elias
Published on 2010-12-01T13:32:30Z Indexed on 2011/03/15 16:12 UTC
Read the original article Hit count: 845

Filed under:

jboss

|

selinux

I want to secure RedHat 5.4 application server by SELinux (targeted policy) and have several questions

1, where can i get SELinux sources (/etc/selinux//src/policy/)There seems to be no such package on install cd ..

2, how to restrict user rights (for example user jboss could not modify /etc/my.cnf)

3, how to configure JBoss application server to work under SELinux

Although i read many documents from NSA the whole topic is still not clear for me.What i want is to basically protect filesystem in case one account is broken.I cannot find any materials about securing jboss server using either chroot jail, ACLs or SELinux ....

© Server Fault or respective owner

Related posts about jboss

Migration and deployement problems JBoss 4.2.2.GA to JBoss 6.0.0.M2

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to migrate an application running on JBoss 4.2.2.GA to JBoss 6.0.0.M2 I give you some log to explain my problem : boot.log : 2010-03-16 09:59:29,406 ERROR [org.jboss.system.server.profileservice.ProfileServiceBootstrap] (Thread-2) Failed to load profile: Summary of incomplete deployments… >>> More
Error deploying Spring application to Jboss due to ClassCastException

as seen on Server Fault - Search for 'Server Fault'
When I try to deploy a spring application in Jboss, I get this error: 11:32:34,045 ERROR [AbstractKernelController] Error installing to Start: name=persistence.unit:unitName=#ehr-punit state=Create java.lang.RuntimeException: Specification violation [EJB3 JPA 6.2.1.2] - You have not defined a jta-data-source… >>> More
How do you install/configure JBoss on Linux/Unix?

as seen on Server Fault - Search for 'Server Fault'
I'm currently working on how install and configure multiple (30+) JBoss EAP 5 configurations (both standalone and clusters) for development, test and production at a client's site (running SuSE). I'm not to fancy about the jboss way of storing application/configuration together with system files… >>> More
Problem in creation MDB Queue connection at Jboss StartUp

as seen on Stack Overflow - Search for 'Stack Overflow'
I am not able to create a Queue connection in JBOSS4.2.3GA Version & Java1.5, as I am using MDB as per the below details. I am putting this MDB in a jar file(named utsJar.jar) and copied it in deploy folder of JBOSS, In the test env. this MDB works well but in another env. [ env settings and… >>> More
Error starting jboss server

as seen on Stack Overflow - Search for 'Stack Overflow'
I've just finished re-installing my OS, and as always install and test standard tools which I use, and now I get this error like never before when I tried to start Jboss 5 from eclipse, its quite big exeption : 3:53:10,693 ERROR [AbstractKernelController] Error installing to Instantiated: name=AttachmentStore… >>> More

Related posts about selinux

AD GIT SELinux RHEL 6 : Can not get SELinux to allow connetion to git

as seen on Server Fault - Search for 'Server Fault'
I have a problem with SELinux! I have installed git on Red Hat Enterprise 6 with AD group control and SSL Cert . Everything works fine if I do setenforce 0 ( set SELinux in detection only mode ) or if I do semanage permissive -a httpd_t (Set httpd_t in detection only mode) I do not want to use… >>> More
How do I enable SELinux when booting a ramdisk from a CD/DVD?

as seen on Server Fault - Search for 'Server Fault'
I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all kernel modules to my ramdisk, and have tried various combinations of selinux=1 and selinux 1 with enforcing 1 and enforcing 0. as Kernel boot parameters. All files contained… >>> More
How do I enable SELinux when booting from a CD/DVD?

as seen on Server Fault - Search for 'Server Fault'
I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all the kernel modules to my ramdisk, and have tried both selinux=1 and selinux 1 as Kernel boot parameters. After the system boots, I check dmesg: % dmesg | grep -i selinux Kernel… >>> More
How does SELinux affect the /home directory?

as seen on Server Fault - Search for 'Server Fault'
Hi everyone. I'm migrating a CentOS 5.3 system from MySQL to PostgreSQL. The way our machine is set up is that the biggest disk partition is mounted to /home. This is out of my control and is managed by the hosting provider. Anyway, we obviously want the database files to be on /home for this… >>> More
Question regarding the SELinux type enforcement file

as seen on Server Fault - Search for 'Server Fault'
In my SElinux te file, I define two new types called voice_t and data_t which certain directories will be classified in the fc file (/data/ will be of type data_t and /voice/ will be of type voice_t). I would like the one SELinux policy to be used for all servers in my network, but, some servers… >>> More