Jira Server application configuration for security best practices

Purpose

This how-to guide describes how to set up JIRA Server applications according to security best practices.

Solution

  1. Configure JIRA behind a reverse proxy using SSL, as per either of the following:
    1. Configure Jira server to run behind a NGINX reverse proxy
    2. How to integrate JIRA with Apache using SSL
  2. Ensure the additional configuration is set up as detailed in https://mozilla.github.io/server-side-tls/ssl-config-generator/.
  3. Optional (may be required by security policy to prevent 'Clickjacking'): add the X-Frame-Options header as per JRA-25143. This may, however, break things.
  4. Test the SSL configuration with an SSL test suite, such as the one from Qualys SSL Labs, and correct any problems.
  5. Set up a firewall.
  6. Configure automatic security updates.
  7. Subscribe to the security mailing list of your operating system for security alerts.
  8. If using Linux, configure SSH to use public key authentication only and enable Fail2Ban.
  9. Update JIRA and the operating system regularly.
  10. Ensure JIRA is run as a user that is not root.

Additionally, if using AppArmor, there are some unsupported profiles available that can be installed as per https://bitbucket.org/asecurityteam/atlassian-apparmor-profiles.
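The script below is an added example, not part of the original article or any Atlassian tooling: it verifies steps 3, 8 and 10 of the checklist from captured command output. The function names, the `/opt/jira` install path and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for checklist steps 3, 8 and 10.
# Function names, /opt/jira and all sample data are constructed assumptions.

# Step 8. stdin: output of `sshd -T` (effective config, lowercase keywords).
# Passes only if public key auth is on and password plus
# keyboard-interactive (challenge-response on older OpenSSH) are off.
ssh_pubkey_only() {
    awk '
        $1 == "pubkeyauthentication"   { pk = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        $1 ~ /^(kbdinteractive|challengeresponse)authentication$/ {
            seen = 1; if ($2 != "no") bad = 1
        }
        END { exit !(pk == "yes" && pw == "no" && seen && !bad) }'
}

# Step 3. stdin: response headers, e.g. from `curl -sI` against the proxy.
# Passes if X-Frame-Options is present with DENY or SAMEORIGIN.
has_frame_options() {
    tr -d '\r' |
        grep -Eiq '^x-frame-options:[[:space:]]*(deny|sameorigin)[[:space:]]*$'
}

# Step 10. stdin: output of `ps -e -o user= -o args=`; $1: install path.
# Passes if at least one matching process exists and none runs as root.
jira_not_root() {
    awk -v pat="$1" '
        index($0, pat) { found = 1; if ($1 == "root") bad = 1 }
        END { exit !(found && !bad) }'
}

# Constructed sample inputs (not captured from a real host).
SSHD_GOOD='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'
SSHD_BAD='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'
PS_GOOD='jira /opt/jira/jre/bin/java -Dcatalina.base=/opt/jira'
PS_BAD='root /opt/jira/jre/bin/java -Dcatalina.base=/opt/jira'

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
printf '%s\n' "$SSHD_GOOD" | report ssh_pubkey_only
printf '%s\n' "$SSHD_BAD"  | report ssh_pubkey_only
printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n' | report has_frame_options
printf '%s\n' "$PS_GOOD" | report jira_not_root /opt/jira
printf '%s\n' "$PS_BAD"  | report jira_not_root /opt/jira
```

On a live host, pipe the output of `sshd -T` (run as root), `curl -sI` against the proxy URL, and `ps -e -o user= -o args=` into the three functions instead of the sample strings.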

Last updated: May 26, 2016
