Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
-bin /usr/sbin/httpd \<br />
-script /etc/init.d/httpd<br />
At this point you will find that with SELinux enabled Apache will fail to start because the mod_jk (the Tomcat<br />
connector module for Apache) module does not have sufficient permissions, the error may look something like<br />
this:<br />
Starting httpd: httpd: Syntax error on line <strong>10</strong>33 of /etc/httpd/conf/httpd.conf: Syntax error on line 2 of<br />
/etc/httpd/conf/mod_jk.conf: Cannot load /opt/coldfusion<strong>10</strong>/config/wsconfig/1/mod_jk.so into server:<br />
/opt/coldfusion<strong>10</strong>/config/wsconfig/1/mod_jk.so: failed to map segment from shared object: Permission<br />
denied<br />
If you are not running SELinux you can skip any commands that begin with chcon or setsebool.<br />
First create an empty log file:<br />
touch /opt/coldfusion<strong>10</strong>/config/wsconfig/1/mod_jk.log<br />
And an empty shared memory file:<br />
touch /opt/coldfusion<strong>10</strong>/config/wsconfig/1/jk_shm<br />
Now lets apply proper file permissions to the connector directory:<br />
chown -R cfusion:webservices /opt/coldfusion<strong>10</strong>/config/wsconfig/1/<br />
chmod -R 640 /opt/coldfusion<strong>10</strong>/config/wsconfig/1/<br />
chmod 750 /opt/coldfusion<strong>10</strong>/config/wsconfig/1/mod_jk.so<br />
chmod 660 /opt/coldfusion<strong>10</strong>/config/wsconfig/1/mod_jk.log<br />
chmod 660 /opt/coldfusion<strong>10</strong>/config/wsconfig/1/jk_shm<br />
Next we need to apply SELinux context to the mod_jk.so module, we’ll do this by referencing another apache<br />
module, we’ll pick mod_rewrite.so - just make sure whatever you pick is installed:<br />
chcon --reference=/etc/httpd/modules/mod_rewrite.so<br />
/opt/coldfusion<strong>10</strong>/config/wsconfig/1/mod_jk.so<br />
51