10g R2 Application Server Hardening Steps

  Document Created by          : Bharat Gali

  Email                        : bharat@bharatgali.com

  Created date                 : 17-Nov-2005

  Application Server Version   : 10.1.2.0.2

  Last Revised                 : 22-Apr-2006

  *********************************************************************************

 

What is Application Server Hardening?

Application server hardening means disabling unwanted and unused components in the application server to tighten security and to prevent hackers from tampering with the server.

 

The following components are considered for hardening:

Recommendation: Test the hardening process below on Dev/Test servers before implementing it in production. Sometimes the hardening process may break the application server.
 

Apache hardening is considered very important, since Apache is the gateway to the application server from the outside world.
Below is the list of steps for Apache hardening.

The hardening steps depend mainly on which components of the application server are in use. In the present context we assume that only Portal and Discoverer are in use.
The hardening steps described below enable the Portal, Discoverer, Forms and Reports services and disable the other services.

******Important *****

Based on the components that are used in the application server, the process below should be altered.
 

1) Apache Hardening Steps

 

2) Remove all demo and example programs

Portal_Demo will be removed.

The following will be removed from the Infrastructure:

./jdk/demo/

./oc4j/j2ee/home/default-web-app/examples

./oc4j/j2ee/OC4J_DBConsole_dashinfra2ta.lausd.net_dashtst/application-deployments/default/defaultWebApp/persistence/examples

./Apache/Apache/fastcgi/examples

./j2ee/home/default-web-app/examples

./j2ee/OC4J_SECURITY/application-deployments/default/defaultWebApp/persistence/examples

 

The echo file should be removed from the following location:

./Apache/Apache/fcgi-bin

 

./jdk/demo/

./j2ee/home/default-web-app/examples

./j2ee/home/application-deployments/default/defaultWebApp/persistence/examples

./j2ee/OC4J_BI_Forms/application-deployments/default/defaultWebApp/persistence/examples

./webcache/examples
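
A report-only check for step 2, added here as an example and not part of the original document: it lists which of the demo and example paths named above are still present under an Oracle home, so the removal can be verified on Dev/Test before production. The function name audit_demo_content, the Oracle home argument, and the use of '*' in place of the OC4J instance directory name are assumptions of this example.

```shell
#!/bin/sh
# Report-only audit of the demo/example content listed in step 2.
# It prints what is still present and deletes nothing.

# Paths relative to the Oracle home, taken from the lists above.
# Assumption: the OC4J instance directory (OC4J_SECURITY, OC4J_BI_Forms,
# home, ...) is matched with '*' so differently named instances are covered.
DEMO_PATHS='
jdk/demo
oc4j/j2ee/home/default-web-app/examples
oc4j/j2ee/*/application-deployments/default/defaultWebApp/persistence/examples
Apache/Apache/fastcgi/examples
Apache/Apache/fcgi-bin/echo
j2ee/home/default-web-app/examples
j2ee/*/application-deployments/default/defaultWebApp/persistence/examples
webcache/examples
'

# audit_demo_content ORACLE_HOME
# Prints one relative path per leftover item. Returns 0 if the home is
# clean, 1 if anything was found, 2 if ORACLE_HOME is not a directory.
audit_demo_content() {
    home=$1
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    found=0
    while IFS= read -r pattern; do
        [ -n "$pattern" ] || continue
        # $pattern is left unquoted so '*' expands against the real tree.
        for path in "$home"/$pattern; do
            # An unmatched glob stays literal, so test that the path exists.
            if [ -e "$path" ]; then
                echo "${path#"$home"/}"
                found=1
            fi
        done
    done <<EOF
$DEMO_PATHS
EOF
    [ "$found" -eq 0 ]
}

# Stand-alone use: sh audit_demo.sh /path/to/oracle_home
if [ "$#" -gt 0 ]; then audit_demo_content "$1"; fi
```

Run it once against the Infrastructure home and once against the middle-tier home; an empty report with exit status 0 means none of the listed paths remain.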