Adobe 38043740 Lockdown Guide - Page 53

Setup Auditing, Server Settings > Java and JVM, Java Virtual Machine Path

Get Adobe 38043740 - ColdFusion Standard - Mac PDF manuals and user guides
UPC - 883919135168
View all Adobe 38043740 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 53 highlights

# cp jvm.config jvm.config.backup To update using ColdFusion Administrator: click on Server Settings > Java and JVM and then add /usr/java/latest/ to the Java Virtual Machine Path text box. To update via shell: Edit jvm.config in a text editor to locate the line beginning with java.home= for example: java.home=/opt/coldfusion10/jre Change that line to: java.home=/usr/java/latest The new jvm will be used after ColdFusion is restarted. Visit the System Information page of ColdFusion administrator to confirm that the JVM has been updated. To revert to the default jvm replace jvm.config with jvm.config.backup and restart ColdFusion. 4.2.7 Setup Auditing First ensure that auditd is installed and configured to meet your requirements in /etc/audit/auditd.conf Use auditctl to add auditing to file system operations, for example: auditctl -w /opt/coldfusion10 -p wax -k cf10 The above will audit all write, attribute change and execute operations on the path /opt/coldfusion10/ and tag all entries with the filter key cf10. Now that the filter key is setup you can query the audit log using ausearch -k cf10 Keep in mind that the above might get a bit noisy if ColdFusion is writing a lot of log files, placing the log files elsewhere will reduce this noise. 53

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
53
# cp jvm.config jvm.config.backup
To update using ColdFusion Administrator: click on
Server Settings > Java and JVM
and then add
/usr/java/latest/
to the
Java Virtual Machine Path
text box.
To update via shell: Edit
jvm.config
in a text editor to locate the line beginning with
java.home=
for
example:
java.home=/opt/coldfusion10/jre
Change that line to:
java.home=/usr/java/latest
The new jvm will be used after ColdFusion is restarted. Visit the System Information page of ColdFusion
administrator to confirm that the JVM has been updated. To revert to the default jvm replace
jvm.config
with
jvm.config.backup
and restart ColdFusion.
4.2.7 Setup Auditing
First ensure that
auditd
is installed and configured to meet your requirements in
/etc/audit/auditd.conf
Use
auditctl
to add auditing to file system operations, for example:
auditctl -w /opt/coldfusion10 -p wax -k cf10
The above will audit all write, attribute change and execute operations on the path
/opt/coldfusion10/
and tag all entries with the filter key
cf10
. Now that the filter key is setup you can query the audit log using
ausearch -k cf10
Keep in mind that the above might get a bit noisy if ColdFusion is writing a lot of log files, placing the log files
elsewhere will reduce this noise.