Good security practice is to disable any unused server functionalities. Some services are disabled already by default after installation.
This guide shows how to disable more server functionalities. In this example, search and logviewer will be disabled.
To disable unused SSO server components
Check if you are already using a customised Tomcat configuration - is there a file called server.xml
in the directory ubilogin-sso\ubilogin\custom\tomcat
? If not, copy the currently used version as a base:
copy C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat |
cp /usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/conf/server.xml /usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat |
Modify only the relevant lines of server.xml file inĀ C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat
or
by commenting out the unused applications:/usr/local/ubisecure/ubilogin-sso/ubilogin/
custom/tomcat
<Context docBase="${catalina.base}/webapps/logviewer" path="/logviewer"/> <Context docBase="${catalina.base}/webapps/search" path="/search"/> |
<!-- <Context docBase="${catalina.base}/webapps/logviewer" path="/logviewer"/> --> <!-- <Context docBase="${catalina.base}/webapps/search" path="/search"/> --> |
After saving, apply the application server configuration changes by executing update.cmd
as follows.
cd /d C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\ update.cmd |
The server will be restarted automatically.
cd usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat /etc/init.d/ubilogin-server stop ./update.sh /etc/init.d/ubilogin-server start |
In a clustered environment, this change must be performed sequentially on each server node. |
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|