An error occurred:

Java Runtime Environment (JRE) version 8 STIG for Unix Version Comparison

Java Runtime Environment (JRE) version 8 STIG for Unix

Comparison

There are 2 differences between versions v1 r1 (March 28, 2016) (the "left" version) and v1 r3 (Oct. 27, 2017) (the "right" version).

Check JRE8-UX-000020 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

Oracle JRE 8 deployment.config file must contain proper keys and values.

Check Content

Navigate to the “deployment.config” file for JRE: /etc/.java/deployment/deployment.config The JRE: /etc/.java/deployment/deployment.config The deployment.config file contains two properties: deployment.system.config and deployment.system.config.mandatory. The "deployment.system.config" key points to the location of the deployment.properties file. The location is variable. It can point to a file on the local disk, or a UNC path. The following is an example: “deployment.system.config=file:///etc/.java/deployment/deployment.properties" If example: “deployment.system.config=/etc/.java/deployment/deployment.properties" If the “deployment.system.config” key does not exist or does not point to the location of the deployment.properties file, this is a finding. If the “deployment.system.config.mandatory” key does not exist or is set to false, this is a finding.

Discussion

The deployment.config configuration file contains two keys. The "deployment.properties" key includes the path of the "deployment.properties" file and the "deployment.properties.mandatory" key contains either a TRUE or FALSE value. If the path specified to "deployment.properties" does not lead to a "deployment.properties" file, the value of the “deployment.system.config.mandatory” key determines how JRE will handle the situation. If the value of the "deployment.system.config.mandatory" key is TRUE and if the path to the "deployment.properties" file is invalid, the JRE will not allow Java applications to run. This is the desired behavior.

Fix

Navigate to the “deployment.config” file for JRE: /etc/.java/deployment/deployment.config Add JRE: /etc/.java/deployment/deployment.config Add the key “deployment.system.config=<Path to deployment.properties>” to the deployment.config file. The following is an example: “deployment.system.config=file:///etc/.java/deployment/deployment.properties". example: “deployment.system.config=/etc/.java/deployment/deployment.properties". Note the use of forward slashes. Add the key “deployment.system.config.mandatory=true” to the deployment.config file.