Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
# cp jvm.config jvm.config.backup<br />
To update using ColdFusion Administrator: click on <strong>Server</strong> Settings > Java and JVM and then add<br />
/usr/java/latest/ to the Java Virtual Machine Path text box.<br />
To update via shell: Edit jvm.config in a text editor to locate the line beginning with java.home= for<br />
example:<br />
java.home=/opt/coldfusion<strong>10</strong>/jre<br />
Change that line to:<br />
java.home=/usr/java/latest<br />
The new jvm will be used after ColdFusion is restarted. Visit the System Information page of ColdFusion<br />
administrator to confirm that the JVM has been updated. To revert to the default jvm replace jvm.config with<br />
jvm.config.backup and restart ColdFusion.<br />
4.2.7 Setup Auditing<br />
First ensure that auditd is installed and configured to meet your requirements in<br />
/etc/audit/auditd.conf<br />
Use auditctl to add auditing to file system operations, for example:<br />
auditctl -w /opt/coldfusion<strong>10</strong> -p wax -k cf<strong>10</strong><br />
The above will audit all write, attribute change and execute operations on the path /opt/coldfusion<strong>10</strong>/<br />
and tag all entries with the filter key cf<strong>10</strong>. Now that the filter key is setup you can query the audit log using<br />
ausearch -k cf<strong>10</strong><br />
Keep in mind that the above might get a bit noisy if ColdFusion is writing a lot of log files, placing the log files<br />
elsewhere will reduce this noise.<br />
53