Securing SAFMQ installations
Under default installations, SAFMQ's security is set up in an open state. The following resources should be secured to avoid server reconfiguration: the safmq.conf configuration file, the "admin" user, the queues directory, the confi directory, the SSL resources, and the SAFMQ server should be run under a limited access user ID.
- Limit Access to the safmq.conf configuration file to system administrators.
- Create a special user login for the SAFMQ application to run under.
- Limit Access to the "queues" directory to only the special SAFMQ user.
- Limit Access to the "config" directory to only the special SAFMQ user, and optionally system administrators.
- By default the "admin" account does not have a password, assign a strong password to this account, or create a new user with full privileges and a strong password and then remove the admin user.
- If using SSL, limit access to the Certificate, Private Key and Certificate Authority files to only the SAFMQ user, and optionally system administrators.
Table of Contents Hierarchy of classes