Adobe 38043740 Lockdown Guide - Page 54

Add umask to startup script, 4.3 Post Configuration Settings for Windows and Linux


4.2.8 Add umask to startup script

Edit the /etc/init.d/coldfusion10 startup script and add the following line near the top, but below the #description comment:

    umask 007

Consider setting a more restrictive umask for the group permission.
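
The check below is an added example, not part of the Adobe guide: it confirms that a umask line sits below the #description comment of an init script and shows the file and directory modes that mask produces. The function names and the sample script header are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): verify the umask edit from section 4.2.8.

# Print the umask value if a umask line sits below the #description comment.
# Fails when the line is missing or appears above the comment.
find_umask() {
    awk '
        /^#[ \t]*description/ { seen = 1 }
        /^[ \t]*umask[ \t]+[0-7]+[ \t]*$/ { if (seen) { print $2; ok = 1 }; exit }
        END { exit !ok }
    ' "$1"
}

# Succeed only when the mask removes every permission from "other" (last digit 7).
denies_other() {
    case "$1" in *7) return 0 ;; *) return 1 ;; esac
}

# Create a file and a directory under the given umask; print both mode strings.
modes_under() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/f" && mkdir "$d/sub"
        echo "$(ls -ld "$d/f" | cut -c1-10) $(ls -ld "$d/sub" | cut -c1-10)"
        rm -rf "$d"
    )
}

# Audit one init script: report the mask, its effect, and whether "other" is locked out.
audit_init_script() {
    mask=$(find_umask "$1") || { echo "FAIL: no umask below #description in $1"; return 1; }
    denies_other "$mask" || { echo "FAIL: umask $mask leaves access for other"; return 1; }
    echo "OK: umask $mask -> $(modes_under "$mask")"
}

# Constructed sample header standing in for /etc/init.d/coldfusion10.
sample=$(mktemp)
printf '%s\n' '#!/bin/sh' '# chkconfig: 345 90 14' \
    '# description: ColdFusion service' 'umask 007' > "$sample"
audit_init_script "$sample"
rm -f "$sample"
```

Calling modes_under with a tighter group mask such as 027 shows what a more restrictive group setting changes before it is committed to the startup script.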

4.3 Post Configuration Settings for Windows and Linux

The following changes should be made to both Windows and Linux installs.

4.3.1 Enable Sandbox Security

Log in to the ColdFusion administrator and select Enable Sandbox Security from the Security > Sandbox Security page.

Configure sandboxes for each site, or high risk portions of each site. Using the principle of least privilege, deny access to any tags, functions, datasources, file paths, and IP / ports that do not need to be accessed by code in the particular sandbox.

The sandbox of the requested CFM / CFC is the active sandbox for all code executed in a particular request.

If you are running Standard Edition you can still set up a sandbox, but you cannot create multiple sandboxes.

4.3.2 Remove Tomcat Web Server on cfusion instance

When you install ColdFusion it will set up the Tomcat web server running on port 8500. This is not needed and should be disabled. Back up and edit the {cf.instance.root}/runtime/conf/server.xml file, and remove or comment out the following:

<Connector executor="tomcatThreadPool" maxThreads="50"
port="8500" protocol="org.apache.coyote.http11.Http11Protocol"