-
Notifications
You must be signed in to change notification settings - Fork 20
Deploy Secure Deployment
After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components:
- Lifearay
- Tomcat
- Couchdb
- Vagrant
For vagrant it is important to understand how to close the provisioning users and not keep default usernames and passwords open.
Then for the applications, the following measures can be done:
-
Change password of Liferay administrator user or check if that is appropriately secure.
-
You should check the permissions of the involved users in the user management in Liferay.
-
Assign individual passwords for users, also you could force the users to change their passwords at login if you like.
-
Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only.
-
Also for Tomcat you could limit port access from localhost only.
-
Do you need the ssh ports open or can you just go to the machine (physically).
Note that the Linux vagrant scripts applies soem security measures already on the OS level.