Simple way to lock up your JBoss AS instance

By default, JBoss AS is distributed unsecured (not locked up).

If you want to work with a locked-up version, you can try this easy way.

 

  1. Download the Groovy script (source code at https://github.com/pskopek/sec-script).
  2. Install Groovy:
    -- use http://groovy.codehaus.org/Download
    -- or use your OS's favourite method, e.g. on Fedora: yum install groovy
  3. Run: groovy securejboss.groovy <JBOSS SERVER HOME>
    You can specify more than one JBoss Server Home directory. In that case the common/deploy content will generate a warning because it is already secured.
  4. Check the output for possible problems (pay special attention to warnings).

 

Note: Always test that your installation is secured properly.
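
One way to act on this note, as an added example that is not part of the sec-script project: a Python check that a web application's WEB-INF/web.xml (for instance the one inside jmx-console.war) carries an active security constraint rather than a missing or commented-out one. The path you pass it, the sample descriptors and the role name are assumptions; the check also flags a constraint that lists http-method elements, because such a constraint protects only the listed methods.

```python
import io
import sys
import xml.etree.ElementTree as ET

def kids(elem, name):
    """Child elements called `name`, ignoring any XML namespace on the tag."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(source):
    """Return findings for a web.xml (path or file object); [] means no finding."""
    root = ET.parse(source).getroot()  # the parser discards XML comments
    findings = []
    constraints = kids(root, "security-constraint")
    if not constraints:
        findings.append("no active <security-constraint> (missing or commented out)")
    for sc in constraints:
        if not kids(sc, "auth-constraint"):
            findings.append("<security-constraint> has no <auth-constraint>")
        for wrc in kids(sc, "web-resource-collection"):
            verbs = [(m.text or "").strip() for m in kids(wrc, "http-method")]
            if verbs:  # listed methods are the only ones the constraint covers
                findings.append("constraint covers only " + ",".join(verbs))
    if not kids(root, "login-config"):
        findings.append("no <login-config>")
    return findings

# Constructed sample descriptors; the role name is an assumption.
CONSTRAINT = """<security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      <url-pattern>/*</url-pattern>%s
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>"""
LOGIN = "<login-config><auth-method>BASIC</auth-method></login-config>"
GET_POST = "<http-method>GET</http-method><http-method>POST</http-method>"

def sample(body):
    """Wrap a constructed fragment into a minimal web.xml file object."""
    return io.StringIO("<web-app>\n  %s\n  %s\n</web-app>" % (body, LOGIN))

if __name__ == "__main__":
    # With no arguments, audit one constructed descriptor as a demonstration.
    for src in sys.argv[1:] or [sample("<!-- " + CONSTRAINT % "" + " -->")]:
        name = src if isinstance(src, str) else "constructed sample"
        for finding in audit_web_xml(src) or ["ok"]:
            print("%s: %s" % (name, finding))
```

This inspects the descriptor only; also confirm against the running server that an unauthenticated request to each console is refused.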

 

The script currently supports JBoss AS 6.1.0.Final and 6.0.0.Final. Check later for JBoss AS 5 and 5.1 support.

 

Example on Fedora:

 

1. wget https://github.com/pskopek/sec-script/raw/master/script/securejboss.groovy

2. unzip -q ~/Downloads/jboss-as-distribution-6.1.0.Final.zip (already downloaded in $HOME/Downloads directory)

3. sudo yum install groovy

4. groovy securejboss.groovy jboss-6.1.0.Final/server/default/

Output example:

Working on ServerHome=jboss-6.1.0.Final/server/default/

JBoss AS Version: 6.1.0.Final

securing JBoss Security Domain: jmx-console

Done

securing jmx-console.war

Done

securing HttpInvoker

Done

securing JBoss Security Domain: JBossWS

Done

securing jbossws-console.war

Done

securing JMXConnector

Done

securing JBoss Security Domain: hornetq

Done