How to configure JIRA server applications for Security Best Practices
This guide describes how to set up JIRA Server applications in line with security best practices.
- Configure JIRA behind a reverse proxy using SSL, as per either of the following:
- Ensure the additional TLS configuration is set up as detailed in https://mozilla.github.io/server-side-tls/ssl-config-generator/.
- Optional: your security policy may require the X-Frame-Options header to prevent clickjacking. Add it as described in JRA-25143; note that this may break some functionality.
- Test the SSL configuration with an SSL test suite, such as the one from Qualys SSL Labs, and correct any problems it reports.
- Set up a firewall.
- Configure automatic security updates.
- Subscribe to your operating system's security mailing list for security alerts.
- If using Linux, configure SSH to accept public key authentication only and enable Fail2Ban.
- Update JIRA and the operating system regularly.
- Ensure JIRA runs as a non-root user.
Additionally, if you use AppArmor, there are some unsupported profiles available that can be installed as per https://bitbucket.org/asecurityteam/atlassian-apparmor-profiles.
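The following script is an added verification example, not part of this guide or of Atlassian's tooling. It checks three of the states the steps above ask for: that the reverse proxy is sending HSTS, X-Frame-Options (with a valid value) and X-Content-Type-Options headers, that sshd has password authentication explicitly disabled, and that the JIRA process is not running as root. Each function takes text on stdin or as an argument, so it can be fed captured output (for example from `curl -sI` or from `/etc/ssh/sshd_config`); the host name `jira.example.com`, the PID file path and the sample inputs at the bottom are constructed placeholders.

```sh
#!/bin/sh
# Added verification example (not Atlassian's own tooling). Each function
# takes text on stdin or as an argument so it can be run against captured
# output (e.g. `curl -sI https://jira.example.com/` or /etc/ssh/sshd_config)
# or against the constructed samples at the bottom of this file.
# jira.example.com and the sample values are placeholders.

# check_headers: read HTTP response headers on stdin. Reports any missing
# hardening header (HSTS, X-Frame-Options, X-Content-Type-Options) and an
# X-Frame-Options value other than DENY/SAMEORIGIN. Returns 0 only if clean.
check_headers() {
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    rc=0
    for want in strict-transport-security x-frame-options x-content-type-options; do
        if ! printf '%s\n' "$hdrs" | grep -q "^$want:"; then
            echo "missing header: $want"
            rc=1
        fi
    done
    xfo=$(printf '%s\n' "$hdrs" | sed -n 's/^x-frame-options:[[:space:]]*//p' \
          | sed 's/[[:space:]]*$//' | head -n 1)
    case "$xfo" in
        ""|deny|sameorigin) ;;   # the empty case was already reported above
        *) echo "x-frame-options has unexpected value: $xfo"; rc=1 ;;
    esac
    return $rc
}

# check_sshd_config: read an sshd_config on stdin. Requires an explicit
# "PasswordAuthentication no" and rejects any "PasswordAuthentication yes"
# (comments are stripped first, so commented-out defaults do not count).
check_sshd_config() {
    cfg=$(sed -e 's/#.*//')
    rc=0
    if ! printf '%s\n' "$cfg" | grep -qi '^[[:space:]]*PasswordAuthentication[[:space:]][[:space:]]*no[[:space:]]*$'; then
        echo "sshd: PasswordAuthentication is not explicitly set to no"
        rc=1
    fi
    if printf '%s\n' "$cfg" | grep -qi '^[[:space:]]*PasswordAuthentication[[:space:]][[:space:]]*yes'; then
        echo "sshd: PasswordAuthentication yes is present"
        rc=1
    fi
    return $rc
}

# check_not_root: argument is the effective user of the JIRA process, as
# printed by e.g. `ps -o user= -p "$(cat /var/run/jira.pid)"` (the PID file
# path is an assumption; adjust to your installation). Returns 1 for root.
check_not_root() {
    case "$1" in
        root|0) echo "JIRA is running as root"; return 1 ;;
        "")     echo "no user given"; return 1 ;;
        *)      return 0 ;;
    esac
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_GOOD_HEADERS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8'

SAMPLE_BAD_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8'

SAMPLE_SSHD_CONFIG='# sshd_config (constructed sample)
PubkeyAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no'

# run_samples: exercise the checks against the constructed samples above.
run_samples() {
    if printf '%s\n' "$SAMPLE_GOOD_HEADERS" | check_headers; then echo "headers (good sample): ok"; fi
    if ! printf '%s\n' "$SAMPLE_BAD_HEADERS" | check_headers; then echo "headers (bad sample): FAIL as expected"; fi
    if printf '%s\n' "$SAMPLE_SSHD_CONFIG" | check_sshd_config; then echo "sshd: ok"; fi
    if check_not_root jira; then echo "process user: ok"; fi
}
run_samples
```

Run it against a real deployment by piping live data in, for example `curl -sI https://jira.example.com/ | check_headers` after sourcing the file; because the functions only read text, they can also be dropped into a monitoring job that re-checks the proxy and sshd configuration after every update.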