1. Locate the <security-constraint> element (around line 101) in the file

      <description>An example security config that only allows users with the
         role JBossAdmin to access the HTML JMX console web application


To determine if your JBoss instance has been compromised, look in directory

If you see the directory
then your instance has been infected.

The blog entry below has worm removal and detection information:


3. Lastly, change the JMX console password. In the Bedework quickstart configuration, the userid and password are found in the file jboss-5.1.0.GA/server/default/conf/props/

If you followed the instructions to secure Bedework during your initial installation (see ), you may have already changed the JMX console password.


4. Note that it is not good practice to run any web service as a privileged user (e.g. "root"). Therefore, to minimize your overall risk, you should run JBoss under an unprivileged account.