Adobe 38043740 Lockdown Guide - Page 10


User / Group: cfusion (Your ColdFusion Service Identity)

Permissions:
  • List folder / read data
  • Read attributes
  • Read extended attributes
  • Read permissions
  (Add additional write/delete permissions to folders or files that CF must write to)

Click the Add button and add the iisservice user, granting it Read and List Folder Contents permission. Add the cfusion user and grant it Read and List Folder Contents permission. Grant cfusion Write and Delete permission if your applications make use of the file system (via cffile, cfdirectory, etc.). Also give Administrators full control over this folder, and remove any unnecessary privileges.

Check the "Replace all existing inheritable auditing entries on all descendants with inheritable auditing entries from this object" checkbox to propagate this setting to all subfolders and files existing or created below this folder.

Select the Auditing tab in the Advanced Security Settings dialog. Click the Edit button and ensure that some level of auditing exists. Auditing can generate a large amount of logs, and if too verbose can make the job of monitoring the server logs difficult. Auditing every successful file read in this directory may not be necessary. Use your judgement to determine an appropriate auditing policy based on your security requirements. A good minimal policy would be to audit all Fails, and certain Success events (Delete, Change Permissions, etc.).
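A scripted equivalent of the permission and auditing steps above, as an added example that is not part of the Lockdown Guide. It assumes a placeholder `$Path` for the folder being secured, a hypothetical `-AllowCfWrite` switch, that "Read and List Folder Contents" maps to the four advanced permissions in the table, and that audit entries target Everyone.

```powershell
# Added example, not from the Lockdown Guide. Run from an elevated prompt.
# Assumptions: $Path is a placeholder for the folder being secured; 'cfusion'
# and 'iisservice' resolve as accounts here; audit entries target Everyone.
using namespace System.Security.AccessControl
using namespace System.Security.Principal
param(
    [Parameter(Mandatory)] [string] $Path,
    [switch] $AllowCfWrite   # only if the application uses cffile, cfdirectory, etc.
)
$ErrorActionPreference = 'Stop'
$inherit  = [InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp   = [PropagationFlags]::None
$allow    = [AccessControlType]::Allow
$admins   = [SecurityIdentifier]::new('S-1-5-32-544')   # BUILTIN\Administrators
$everyone = [SecurityIdentifier]::new('S-1-1-0')        # Everyone

# The four advanced permissions from the guide's table, plus optional write/delete.
$read     = [FileSystemRights]'ReadData, ReadAttributes, ReadExtendedAttributes, ReadPermissions'
$cfRights = if ($AllowCfWrite) { [FileSystemRights]($read -bor [FileSystemRights]'Write, Delete') } else { $read }

$acl = Get-Acl -LiteralPath $Path -Audit    # -Audit also loads the SACL
$wanted = @(
    [FileSystemAccessRule]::new('iisservice', $read, $inherit, $noProp, $allow)
    [FileSystemAccessRule]::new('cfusion', $cfRights, $inherit, $noProp, $allow)
    [FileSystemAccessRule]::new($admins, [FileSystemRights]::FullControl, $inherit, $noProp, $allow)
)
foreach ($rule in $wanted) { $acl.SetAccessRule($rule) }   # replaces prior explicit entries per identity

# Minimal audit policy from the guide: every failure, plus successful
# Delete and Change Permissions. SetAuditRule clears older Everyone entries first.
$acl.SetAuditRule([FileSystemAuditRule]::new($everyone, [FileSystemRights]::FullControl, $inherit, $noProp, [AuditFlags]::Failure))
$acl.AddAuditRule([FileSystemAuditRule]::new($everyone, [FileSystemRights]'Delete, ChangePermissions', $inherit, $noProp, [AuditFlags]::Success))
Set-Acl -LiteralPath $Path -AclObject $acl

# "Remove any unnecessary privileges": list every other entry on the folder so
# each one is reviewed rather than deleted blindly.
$keep = 'iisservice', 'cfusion', 'Administrators'
(Get-Acl -LiteralPath $Path).Access |
    Where-Object { ($_.IdentityReference.Value -split '\\')[-1] -notin $keep } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

The audit entries only produce Security log events when object access auditing (the File System subcategory) is enabled on the server. The inheritable flags reach descendants that inherit from this folder; children with inheritance disabled keep their own entries, which the GUI checkbox would have replaced.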

