The security recommendations help in improving the processes of installing, configuring, and deploying of the Advanced Management Console server and its components.
All the security recommendations are applicable to Windows, OS X, and Linux operating systems. The following sections list the recommendations for each component of the Advanced Management Console:
Follow these security recommendations for the Advanced Management Console server installation, configuration, and deployment:
Protocol: The Advanced Management Console uses HTTPS for communication between the Advanced Management Console server and clients (agent, web UI, Deployment Rule Set tool, and Java installer configuration).
Server deployment protection: The Advanced Management Console server deployment and initialization web page is not protected and does not require a password to set up. Therefore, the initialization page can be accessed by any user. Administrators should restrict access to the server or lock the server behind a firewall until initialization is complete.
Java Usage Tracker communication protection: The Advanced Management Console should be run behind a firewall, which should be supported by the administrators. Administrators need to run the agent and server communication within the same intranet segment behind the firewall. The Advanced Management Console agents send Java Usage Tracker data to the server over https.
Follow these security recommendations for the Advanced Management Console WebLogic Server installation, configuration, and deployment:
Java Security Manager: Consider enabling the Java Security Manager in WebLogic Server to provide protection for resources running in a Java Virtual Machine (JVM) and to improve the Advanced Management Console security. See Java Security Manager.
WebLogic Server logs: Advanced Management Console leverages WebLogic Server logs to report all the security errors and warnings. Check the WebLogic Server domain logs for any reported errors.
Follow these security recommendations for the Advanced Management Console agent installation, configuration, and deployment:
Secure file permissions: The Advanced Management Console doesn’t restrict the locations where system administrators can install the agents in a Windows environment. However, agents should be installed in a protected location, such as Program Files (x86), where regular users cannot make changes. In addition, system administrators should ensure that all installed files have secure permissions.
Agent logs: Check the Advanced Management Console agent service logs for reported logins, events, and errors located in the following Windows directory:
%PROGRAMDATA%\Oracle\Java_AMC\agent.log. In an OS X environment, locate the agent logs here:
Follow these security recommendations for Advanced Management Console installation, configuration, and deployment of Oracle database or MySQL database:
Secure database setup : This installation guide does not provide details about secure database configuration and database security management.
User credentials: The user credentials provided for MySQL or Oracle databases in the sections are examples. Oracle highly recommends that you use a different name and strong password for production use.