Limiting Other Applications On The Server; Unix/Linux - Netscape ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR Administrator's Manual

Considering Additional Security Issues
Access either the Administration Server or the Server Manager and choose the
1.
Security tab.
For the Server Manager you must first select the server instance from the
drop-down list.
Select the Change Password link.
2.
Select the security token on which you want to change the password from the
3.
drop-down list.
By default this is 'internal' for the internal key database. If you have PKCS#11
modules installed, you will see all the tokens listed. Click the Change
Password link.
Enter your current password.
4.
Enter your new password
5.
Enter it again.
6.
Click OK.
7.
For the Server Manager, click Apply, and then Restart for changes to take effect
8.
Make sure your key-pair file is protected. The Administration Server stores
key-pair files in the directory
directory readable only to Netscape servers installed on your computer.
It's also important to know if the file is stored on backup tapes or is otherwise
available for someone to intercept. If so, you must protect your backups as
completely as your server.

Limiting Other Applications on the Server

Carefully consider all applications that run on the same machine as the server. It's
possible to circumvent your server's security by exploiting holes in other programs
running on your server. Disable all unnecessary programs and services. For
example, the UNIX
be programmed to run other possibly detrimental programs on the server machine.

UNIX/Linux

Carefully choose the processes started from
telnet
server machine (this can distribute files but it can also be used to update files on the
server machine).
134 Netscape Enterprise Server Administrator's Guide • April 2002 (Draft)
sendmail
or from the server machine. You also shouldn't have
rlogin
server_root/alias
daemon is difficult to configure securely and it can
inittab
. Consider making the files and
and scripts. Don't run
rc
rdist
on the