2 Performing a Secure UIM Installation

This chapter presents planning information for your Oracle Communications Unified Inventory Management (UIM) system and describes recommended installation scenarios that enhance security.

For more information about installing UIM, see UIM Installation Guide.

Installing UIM Securely

You can perform a custom installation or a typical installation. Oracle recommends that you perform a custom installation to avoid installing options and products you do not need. However, you can perform a typical installation, and remove or disable features you do not need after the installation is complete.

When installing UIM, do the following:

  • When creating the WebLogic Server domain for UIM:

    • Make sure that SSL ports are being used on the Administration Server and all Managed servers.

    • If installing UIM on a cluster of servers, configure the cluster addresses to use SSL ports.

    • After you have created the WebLogic Server domain for UIM, start the Administration Server. Then, use t3s to start the Managed servers:

      startManagedWebLogic.sh ManagedServer_1 t3s://host_name:port
      

      where ManagedServer_1 is the name of the first Managed server, host_name is the host name of the Administration Server, and port is the SSL port of the Administration Server.

  • Using the WebLogic Server Administration Console, configure Certificate Identity and trust store to use SSL. Do not use the default demonstration certificate that comes with WebLogic Server. See the WebLogic administrator's documentation for more information.

  • After you complete the install and patch operations, remove write access to the file system for everything except data and configuration files. Restricting write access in this way prevents files from being overwritten. Because only other operating system users can run the required services, grant those users a minimum set of file system permissions.

  • When you install UIM, avoid generating temporary files. If temporary files are required, create them with appropriate file permissions in properly protected directories. After the installation finishes, whether it succeeds or fails, securely erase the temporary files. If you required any additional privileges for the installation, revoke them immediately after the installation finishes, whether it succeeds or fails. For temporary file storage, you can also use volatile memory-based file systems.

  • Ensure that any files generated during application processing have correct file system permissions. See "File Permissions" for more information.

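    Run the following command to list files that have execute permissions but that the file utility does not report as executables. GNU find 4.5.12 and later no longer accepts the older -perm +111 form, so the command uses -perm /111:

      find . -type f -perm /111 \! -iname '*.pm' \! -iname '*.so' \! -iname '*.a' \! -iname '*.pl' \! -iname '*.sh' \! -iname '*.bin' -exec file '{}' \; | grep --invert-match executable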
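
The write-access step above can be checked and enforced with a short script. The following is an added example, not part of the Oracle documentation: it lists everything under an installation root that group or others can write, skips the data and configuration directories, and removes the write bits it found. The function names and the directory names (bin, lib, config, data) are assumptions made for illustration, not UIM's actual layout.

```shell
#!/bin/sh
# Added example: audit and remove group/other write access after install.
# Function names and directory names are hypothetical, not UIM's own.

# Print paths (relative to install root $1) that group or others can write,
# ignoring the directories named in $2 (regex alternation, e.g. 'config|data').
audit_writable() {
    ( cd "$1" || exit 1
      find . \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) |
          grep -Ev "^\./($2)(/|\$)" | sort )
}

# Remove group/other write access from every path audit_writable reports.
lock_down() {
    audit_writable "$1" "$2" | while IFS= read -r p; do
        chmod go-w "$1/$p"
    done
}

# Build a constructed sample tree (not a real UIM layout) for demonstration.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/lib" "$t/config" "$t/data"
    : > "$t/bin/start.sh";          chmod 775 "$t/bin/start.sh"   # group-writable
    : > "$t/lib/app.jar";           chmod 666 "$t/lib/app.jar"    # world-writable
    : > "$t/lib/ok.jar";            chmod 644 "$t/lib/ok.jar"     # already correct
    : > "$t/config/app.properties"; chmod 664 "$t/config/app.properties"
    : > "$t/data/cache.db";         chmod 664 "$t/data/cache.db"
    chmod 755 "$t/bin" "$t/lib"
    chmod 775 "$t/config" "$t/data"
    echo "$t"
}

# Demonstration run on the constructed tree.
t=$(make_sample_tree)
echo "Writable outside config/data before lock-down:"
audit_writable "$t" 'config|data'
lock_down "$t" 'config|data'
echo "Remaining after lock-down: $(audit_writable "$t" 'config|data' | wc -l)"
rm -rf "$t"
```

On a real system, pass the installation root and the names of the directories that must stay writable, and review the audit output before running the lock-down step.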

About Password Policies

Oracle recommends having strong password policies for UIM and database schema users. Consider enforcing the following password policies:

  • Minimum length of password is 8 characters.

  • Password must contain at least one digit, one capital letter, and one special character. For example, WebLogic@123.

  • The user name must not be part of the password.

Stricter rules can be set for the authentication provider using the WebLogic Server Administration Console. For details on authentication providers and their configuration, refer to WebLogic administrator documentation.

See UIM System Administrator's Guide for information about changing and setting UIM passwords.

Post-Installation Configuration

This section explains security configurations to complete after UIM is installed.

Setting Up User Accounts to Lock and Expire

Set up UIM user accounts to lock after a certain number of failed login attempts, and to expire after a certain amount of idle time.

See UIM System Administrator's Guide for information about changing and setting UIM passwords.