IBM BS029ML Self Help Guide - Page 117
Document system changes, Set up a security audit on the system, User ID, Event name, What is logged
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 117 highlights
Document system changes You should always document the system changes made, no matter whether it is a configuration change, or deployment of applications, or a Fix Pack or interim fixes. The change logs should be made available online, such that other people have access to them later even after you have left the project. The change journal or log can be as simple as the ones shown in Table 4-3. Table 4-3 Configuration change log Date User ID Apr 5, 2007 wpsadmin Apr 20, 2007 janedoe Aug 7, 2007 wpsadmin Sep 9, 2007 wpsadmin What Transferred database from Cloudscape to DB2. Installed Employee portlet application. Reconfigured security. Ran XMLaccess import to fix page order. You can add more information in the "What" column if you wish. Always make a backup copy of the files you are going to change and save them to a separate location or a different hard drive. The change log and these backup files should provide sufficient knowledge to recover the system in case something goes wrong. Do not to make multiple major changes at the same time. For example, do not configure HTTP over SSL and TAM integration at the same time. Before making any major changes, such as installing or upgrading the system or configuration changes, you should always back up the system, including the database, LDAP, and the file system. You should try to make these backups approximately at the same time, if possible. See Appendix B, "Maintenance: Fix strategy, backup strategy, and migration strategy" on page 207 for details. Set up a security audit on the system We highly recommend the AuditService be enabled all the time on all system environments. For user and group management and portal access control purposes, we suggest the events list shown in Table 4-4. Table 4-4 audit log Event name audit.groupEvents audit.userEvents What is logged Group creation, modification, and deletion User creation, modification, and deletion audit.ownerEvents audit.resourceEvents audit.userInGroupEvents Owner change of a resource Resource creation, modification, and deletion addition of a user to a group Chapter 4. WebSphere Portal security 103