+

Search Tips   |   Advanced Search

Secure the environment after installation

WebSphere Application Server depends on several configuration files created during installation. These files contain password information and need protection. Although the files are protected to a limited degree during installation, this basic level of protection is probably not sufficient for the site. You should verify that these files are protected in compliance with the policies of the site.

A Kerberos keytab configuration file contains a list of keys that are analogous to user passwords. The default keytab file is krb5.keytab. It is important for hosts to protect their Kerberos keytab files by storing them on the local disk, which makes them readable only by authorized users.

(dist) The files in the app_server_root/profiles/profile_name/config and app_server_root/profiles/profile_name/properties need protection. For example, give permission to the user who logs onto the system for WebSphere Application Server primary administrative tasks. Other users or groups, such as WebSphere Application Server console users and console groups need permissions as well.

(zos) The files in the WAS_HOME/config and the WAS_HOME/properties directories need protection. For example, give permission to the user who logs onto the system for WebSphere Application Server primary administrative tasks. Other users or groups, such as WebSphere Application Server console users and console groups need permissions as well.

(zos) The files in the WAS_HOME/properties directory that must be readable by everybody are:

(zos) The value for WAS_HOME directory is specified in the WebSphere z/OS Profile Management Tool or the zpmt command when WebSphere Application Server for z/OS is installed, for both the base product and WebSphere Application Server Network Deployment.


Results

After securing the environment, only the users with permission can access the files. Failure to adequately secure these files can lead to a breach of security in the WAS applications.


What to do next

If failures occur that are caused by file accessing permissions, check the permission settings.


Related tasks

  • Preparing for security at installation time