Check: JRE0060-J62K7
JRE 6 Windows 7 STIG:
JRE0060-J62K7
(in version v1 r8)
Title
The configuration file must contain proper keys and values to deploy settings correctly. (Cat II impact)
Discussion
This configuration file must hold values of the location of the deployment.properties file, as well as the enforcement of these properties. Without a proper path for the properties file, deployment would not be possible. If the path specified does not lead to a properties file the value of the 'deployment.system.config. mandatory' key determines how to handle the situation. If the value of this key is true, JRE will not run if the path to the properties file is invalid.
Check Content
Navigate to the deployment.config file: If the deployment.config file does not exist, it must be created. The deployment.config file is a text file containing 2 keys. They are: deployment.system.config = deployment.system.config.mandatory = For 32 bit systems: C:\Program Files\Java\jre6\lib\deployment.config. For 64 bit systems you must check both the 64 bit and the 32 bit config files: C:\Program Files\Java\jre6\lib\deployment.config C:\Program Files (x86)\Java\jre6\lib\deployment.config Verify the 'deployment.system.config' key in the deployment.config file is set to the correct path. Note that the characters : and \ must be delimited by a backslash. The path contained in the deployment.config file(s) will depend upon system architecture. The following paths are examples. Drive letters may vary based upon your system. For 32 bit systems the path is: 'file:C\:\\Program Files\\Java\\jre6\\lib\\deployment.properties' For 64 bit systems the paths are: 'file:C\:\\Program Files\\Java\\jre6\\lib\\deployment.properties' 'file:C\:\\Program Files (x86)\\Java\\jre6\\lib\\deployment.properties' Verify the 'deployment.system.config.mandatory' key in the deployment.config file(s) are set to 'false'. If the 'deployment.system.config' key is not set to the correct path and the 'deployment.system.config.mandatory' key is not set to false, this is a finding.
Fix Text
Specify the path to the deployment.properties file in deployment.config and set the mandatory configuration values. If the deployment.config file does not exist, create the file. The deployment.config file is a text file containing 2 keys. They are: deployment.system.config = deployment.system.config.mandatory = On 32-bit systems the deployment config file should be located at: C:\Program Files\Java\jre6\lib\deployment.config On 64-bit systems there can be 2 locations for the deployment.config file. One is for 32 bit JRE and the other for 64 bit JRE: 64 bit - C:\Program Files\Java\jre6\lib\deployment.config 32 bit - C:\Program Files (x86)\Java\jre6\lib\deployment.config Include the following keys and values in the appropriate deployment.config file based upon your system architecture. If you are running both a 32 bit and a 64 bit JRE, you need to update both deployment.config files. The following are examples, drive letters may vary. 32 bit 'deployment.system.config=file:C\:\\Program Files (x86)\\Java\\jre6\\lib\\deployment.properties' 'deployment.system.config.mandatory=false'. 64 bit 'deployment.system.config=file:C\:\\Program Files\\Java\\jre6\\lib\\deployment.properties' 'deployment.system.config.mandatory=false'.
Additional Identifiers
Rule ID: SV-43645r2_rule
Vulnerability ID: V-32842
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |