The recommendations in this section do not eliminate all risk. Instead, the recommendations are intended as a short checklist to help you limit typical security risks.
Isolate and firewall the system. If at all possible, isolate the system where Directory Server runs from the public Internet with a network firewall.
Do not allow dual boot. Do not run other operating systems on the system that runs a production Directory Server. Other systems can permit access to files, which you should not allow.
Use strong passwords. Use a root password at least eight characters long. The password should include punctuation or other non-alphabetic characters.
You can use the Strong Password Check server plug-in to refuse weak passwords. The dsconf server property pwd-strong-check-enabled can be used to turn the plug-in on.
If you choose to use longer operating system passwords, you might have to configure the way passwords are handled by the system. See your operating system documentation for instructions.
Use a safe user and group ID for the server. For security reasons, do not run Directory Server with super user privileges.
You can, for example, use the UNIX commands groupadd and useradd to create a user and group without login privileges. You can then run the server as this user and group.
For example, to add a group that is named servers, do the following.
# groupadd servers
To add a user named server1 as a member of the group servers, use the following command.
# useradd -g servers -s /bin/false -c "server1" server1
A particular deployment can call for sharing Directory Server files with other servers, such as a messaging server. In such a deployment, consider running the servers with the same user and group ID.
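The following check is an added example, not part of the original guide. It reports any ns-slapd process owned by UID 0 or by an account that still has a login shell. The account ldapadm, the sample data, and the list of accepted non-login shells are assumptions made for the example.

```shell
# Added example. Inputs are text in `ps -eo user,comm` and /etc/passwd
# format, so the check also works on captured output. Data is constructed.
SAMPLE_PASSWD='root:x:0:0:Super-User:/:/sbin/sh
server1:x:1001:1001:server1:/home/server1:/bin/false
ldapadm:x:1002:1001:admin:/home/ldapadm:/bin/bash'
SAMPLE_PS_GOOD='USER COMMAND
root sshd
server1 ns-slapd'
SAMPLE_PS_BAD='USER COMMAND
root ns-slapd
ldapadm ns-slapd'

# Prints one finding per line. Returns 0 when clean, 1 on any finding.
audit_slapd_account() {
    ps_out=$1
    passwd_db=$2
    findings=0
    # Distinct users owning an ns-slapd process (bare name or full path).
    users=$(printf '%s\n' "$ps_out" |
        awk '$2 ~ /(^|\/)ns-slapd$/ {print $1}' | sort -u)
    if [ -z "$users" ]; then
        echo "INFO: no ns-slapd process found"
        return 0
    fi
    for u in $users; do
        entry=$(printf '%s\n' "$passwd_db" | awk -F: -v u="$u" '$1 == u')
        if [ -z "$entry" ]; then
            echo "FAIL: $u runs ns-slapd but has no passwd entry"
            findings=1
            continue
        fi
        uid=$(printf '%s\n' "$entry" | cut -d: -f3)
        shell=$(printf '%s\n' "$entry" | cut -d: -f7)
        if [ "$uid" = "0" ]; then
            echo "FAIL: ns-slapd runs as $u (UID 0)"
            findings=1
        fi
        case $shell in
            /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) ;;
            *) echo "FAIL: $u has login shell ${shell:-(system default)}"
               findings=1 ;;
        esac
    done
    return $findings
}

# Live use: audit_slapd_account "$(ps -eo user,comm)" "$(cat /etc/passwd)"
```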
Use the core facility. To facilitate debugging, you can allow processes running with this user and group ID to dump core. Use a utility such as the Solaris command coreadm. For example, you can enable Directory Server to generate core files by allowing setuid processes to do so, and updating the coreadm configuration:
# coreadm -e proc-setid
# coreadm -u
When scripting server startup, you can add the following line to your startup script. The line allows Directory Server to generate core files of the form core.ns-slapd.pid, where pid is the process ID.
coreadm -p core.%f.%p $$
Disable unnecessary services. For top performance with less risk, dedicate the system to Directory Server. As explained elsewhere in this guide, do not run Directory Service Control Center on the same system. When you run additional services, especially network services, you negatively affect server performance and scalability. You can also thereby increase security risks.
Disable as many network services as possible. Directory Server does not require file sharing and other services. Disable services such as IP Routing, Mail, NetBIOS, NFS, RAS, Web Publishing, and Windows Network Client services. Consider disabling telnet and ftp.
As with many network services, telnet and ftp pose security risks. These two services are particularly dangerous, because the commands transmit user passwords in clear text over the network. Work around the need for telnet and ftp by using clients such as Secure Shell (ssh) and Secure FTP (sftp) instead. See your operating system documentation for details on disabling network services.
If the Directory Server instance does not provide the naming service for the network, consider enabling a naming service for the system. Directory Server then uses the naming service, for example, when resolving ACIs.