Hello everyone,

I apologize if any of these questions are duplicates or answered elsewhere -- I have looked through the archives but not been able to find exactly what I am looking for.

What I am trying to find is a list of steps from a RHEL administrator's point of view to transition a wide-open JBoss server which is being used in a development environment to a secure server being used in production deployment.

The things I am most concerned with are to disable the JBoss main homepage, disable any debug information, disable access to any web apps which we have not explicitly granted access to, etc. I have found documentation for some parts, such as removing the jmx console, but I was curious if anyone had a collection of steps they commonly use to put JBoss into a secure mode.

I am working on using mod_jk to go in front of Tomcat for basic URL filtering and such, but even still it is not clear from the mod_jk documentation the optimal way to do this when security is the goal.

Again, I apologize if this is a really weak question, I just want to rule out the obvious before I dig deeper into all the configs on my own. I have pored through everything in the JBoss Security wiki, but a lot of that is from the code level and development perspective; what I am seeking is basically a straight up RHEL JBoss hardening guide, or the closest possible analog.

Thank you very much,

katsu