Oracle WebLogic Server 11g - CCE

Shared by: linzhengnd
posted: 11/8/2011
language: English
pages: 30

CCE
CCE ID | CCE Description | Parameters
CCE-17933-3 | Set the "Complete Message Timeout" appropriately for each server. | (1) number of seconds
CCE-18113-1 | Enable or disable the "FIPS-compliant cryptographic module". | (1) enabled/disabled
CCE-17853-3 | Enable or disable the "Allow Unencrypted Null Cipher" as appropriate for each server. | (1) enabled/disabled
CCE-17743-6 | Determine the appropriate "Maximum Message Size" for each server. | (1) bytes
CCE-17760-0 | Determine the appropriate "Security Interoperability Mode" setting. | (1) default/performance/compatibility
CCE-17888-9 | The Oracle WebLogic Server should be run by the appropriate account. | (1) set of accounts
CCE-17155-3 | Define the "Severity" field as appropriate. | (1) Failure/Success/Error/Warning/Information
CCE-17181-9 | Enable or disable the Active Context Handler "servlet.HttpServletResponse" as appropriate. | (1) enabled/disabled
CCE-17171-0 | Enable or disable the Active Context Handler "wli.Message" as appropriate. | (1) enabled/disabled
CCE-17572-9 | Enable or disable the Active Context Handler "channel.Port" as appropriate. | (1) enabled/disabled
CCE-17740-2 | Enable or disable the Active Context Handler "channel.PublicPort" as appropriate. | (1) enabled/disabled
CCE-17652-9 | Enable or disable the Active Context Handler "servlet.HttpServletResponse" as appropriate. | (1) enabled/disabled
CCE-17167-8 | Enable or disable the Active Context Handler "servlet.HttpServletResponse" as appropriate. | (1) enabled/disabled
CCE-18007-5 | Enable or disable the Active Context Handler "channel.RemotePort" as appropriate. | (1) enabled/disabled
CCE-17825-1 | Enable or disable the Active Context Handler "channel.Protocol" as appropriate. | (1) enabled/disabled
CCE-17877-2 | Enable or disable the Active Context Handler "channel.Address" as appropriate. | (1) enabled/disabled
CCE-17176-9 | Enable or disable the Active Context Handler "channel.PublicAddress" as appropriate. | (1) enabled/disabled
CCE-18120-6 | Enable or disable the Active Context Handler "channel.RemoteAddress" as appropriate. | (1) enabled/disabled
CCE-17812-9 | Enable or disable the Active Context Handler "channel.ChannelName" as appropriate. | (1) enabled/disabled
CCE-18009-1 | Enable or disable the Active Context Handler "channel.Secure" as appropriate. | (1) enabled/disabled
CCE-17296-5 | Enable or disable the Active Context Handler "ejb20.Parameter" as appropriate. | (1) enabled/disabled
CCE-17798-0 | Enable or disable the Active Context Handler "wsee.SOAPMessage" as appropriate. | (1) enabled/disabled
CCE-17335-1 | Enable or disable the Active Context Handler "entitlement.EAuxiliaryID" as appropriate. | (1) enabled/disabled
CCE-17736-0 | Enable or disable the Active Context Handler "security.ChainPrevalidatedBySSL" as appropriate. | (1) enabled/disabled
CCE-18023-2 | Enable or disable the Active Context Handler "xml.SecurityToken" as appropriate. | (1) enabled/disabled
CCE-17789-9 | Enable or disable the Active Context Handler "webservice.Integrity" as appropriate. | (1) enabled/disabled
CCE-17287-4 | Enable or disable the Active Context Handler "saml.SSLClientCertificateChain" as appropriate. | (1) enabled/disabled
CCE-17948-1 | Enable or disable the Active Context Handler "saml.SSLClientCertificateChain" as appropriate. | (1) enabled/disabled
CCE-17970-5 | Enable or disable the Active Context Handler "saml.MessageSignerCertificate" as appropriate. | (1) enabled/disabled
CCE-17304-7 | Enable or disable the Active Context Handler "saml.subject.ConfirmationMethod" as appropriate. | (1) enabled/disabled
CCE-18088-5 | Enable or disable the Active Context Handler "saml.subject.dom.KeyInfo" as appropriate. | (1) enabled/disabled
CCE-17179-3 | Enable or disable the Active Context Handler "jmx.ObjectName" as appropriate. | (1) enabled/disabled
CCE-17893-9 | Enable or disable the Active Context Handler "jmx.ShortName" as appropriate. | (1) enabled/disabled
CCE-17558-8 | Enable or disable the Active Context Handler "jmx.Parameters" as appropriate. | (1) enabled/disabled
CCE-17713-9 | Enable or disable the Active Context Handler "jmx.Signature" as appropriate. | (1) enabled/disabled
CCE-17805-3 | Enable or disable the Active Context Handler "jmx.AuditProtectedArgInfo" as appropriate. | (1) enabled/disabled
CCE-18091-9 | Enable or disable the Active Context Handler "jmx.OldAttributeValue" as appropriate. | (1) enabled/disabled
CCE-17738-6 | Set the "minimum password length" field appropriately. | (1) number of characters
CCE-17254-4 | Enable or disable the "Reject if Password Contains the User Name" attribute as appropriate. | (1) enabled/disabled
CCE-18038-0 | Enable or disable the "Reject if Password Contains the User Name Reversed" setting. | (1) enabled/disabled
CCE-17182-7 | Set the "maximum password length" field appropriately. | (1) number of characters
CCE-17601-6 | Set the "minimum password length" field appropriately. | (1) number of characters
CCE-17892-1 | Set the "maximum instances of any character" field appropriately. | (1) number of characters
CCE-18028-1 | Set the "maximum consecutive characters" field appropriately. | (1) number of characters
CCE-17183-5 | Set the "minimum number of alphabetic characters" field appropriately. | (1) number of characters
CCE-17186-8 | Set the "minimum number of numeric characters" field appropriately. | (1) number of characters
CCE-17561-2 | Set the "minimum number of lower case characters" field appropriately. | (1) number of characters
CCE-17979-6 | Set the "minimum number of upper case characters" field appropriately. | (1) number of characters
CCE-17618-0 | Set the "minimum number of non-alphanumeric characters" field appropriately. | (1) number of characters
CCE-17763-4 | Enable or disable the "Lockout Enabled" setting. | (1) enabled/disabled
CCE-17393-0 | Set the permissions on the SerializedSystemIni.dat file appropriately. | (1) permissions
CCE-17913-5 | Define the "Lockout Threshold" in the Security Realm appropriately. | (1) number of invalid login attempts
CCE-18068-7 | Define the "Lockout Duration" in the Security Realm appropriately. | (1) number of minutes
CCE-17464-9 | Define the "Lockout Reset Duration" in the Security Realm appropriately. | (1) number of minutes
CCE-17856-6 | Enable or disable the "Require Unanimous Permit" setting. | (1) enabled/disabled
CCE-17794-9 | Set the "Host Name Verification" appropriately on the Administration Server. | (1) name of host
CCE-18186-7 | Define the "Minimum Number of Non-Alphabetic Characters" appropriately. | (1) number of characters
CCE-17189-2 | Enable or disable the "SSL Enabled" setting for the appropriate LDAP Server connections. | (1) enabled/disabled
CCE-17956-4 | Set the "Host Name Verification" appropriately on all servers. | (1) Custom Hostname Verifier/BEA Hostname Verifier/None
CCE-17960-6 | Change and set "Domain Credentials" appropriately. | (1) credential
CCE-17947-3 | Enable or disable the "Configuration Archive Enabled" box appropriately. | (1) enabled/disabled
CCE-17951-5 | Set the "Archive Configuration Count" appropriately. | (1) number of archive files
CCE-17973-9 | Set the password field appropriately for the "Default Administrator". | (1) password
CCE-17603-2 | Set the appropriate "SSL Listen Port" value on each server. | (1) numerical value
CCE-17964-8 | Set the "Administration Console Session Timeout" field appropriately. | (1) numerical value
CCE-17969-7 | Enable or disable the "Production Mode" appropriately. | (1) enabled/disabled
CCE-17991-1 | Enable or disable the WebLogic Auditing provider as appropriate. | (1) enabled/disabled
CCE-17872-3 | Set the appropriate "Invocation Timeout Seconds" value. | (1) seconds
CCE-17612-3 | Enable or disable the "Anonymous Admin Lookup Enabled" setting. | (1) enabled/disabled
CCE-17196-7 | Enable or disable the "Web App Files Case Insensitive" setting. | (1) enabled/disabled
CCE-17201-5 | Enable or disable the "Enable Administration Port" setting. | (1) enabled/disabled
CCE-18144-6 | Enable or disable the "SSL Rejection Logging Enabled" setting on all servers. | (1) enabled/disabled
CCE-17963-0 | Set the "Export Key Lifespan" as appropriate on each Server. | (1) numerical value
CCE-17844-2 | Enable or disable the "Client Cert Proxy Enabled" setting on the Administration Server. | (1) enabled/disabled
CCE-18077-8 | Enable or disable the "Client Cert Proxy Enabled" setting on the managed server. | (1) enabled/disabled
CCE-18082-8 | Set the "Frontend Host" attribute appropriately for each server. | (1) name of server
CCE-17478-9 | Set the "Check Roles and Policies" appropriately. | (1) AllWebApplicationsAndEJBs/WebApplicationsAndEJBsProtectedInDD
CCE-17482-1 | Set the "Security Model Default" appropriately. | (1) DDOnly/CustomRoles/CustomRolesAndPolicies/Advanced
CCE-17346-8 | Set the "When Deploying Web Applications or EJBs" appropriately. | (1) IgnoreRolesAndPoliciesFromDD/InitializeRoleAndPoliciesFromDD
CCE-17208-0 | Set the "Configuration Audit Type" field appropriately. | (1) Change None/Change Log/Change Audit/Change and Audit
CCE-18128-9 | Set the EditMBeanServerEnabled attribute appropriately on the Administration Server. | (1) True/False
CCE-17507-5 | Enable or disable two-way SSL appropriately for each server. | (1) enabled/disabled
CCE-17210-6 | Set the Embedded LDAP "Timeout" appropriately. | (1) seconds
CCE-18126-3 | Enable or disable the "Anonymous Bind Allowed" setting. | (1) enabled/disabled
CCE-18148-7 | Set the Server "Post Timeout" field appropriately for each server. | (1) seconds
CCE-18152-9 | Set the HTTP "Duration" appropriately for each server. | (1) seconds
CCE-17513-3 | Set the "HTTPS Duration" appropriately for each server. | (1) seconds
CCE-17769-1 | Set the "HTTP Maximum Message Size" appropriately for each server. | (1) bytes
CCE-17650-3 | For the Managed Server, create a "Connection Filter" if necessary. | (1) connection filter
CCE-17214-8 | Create a connection filter for the appropriate servers and machines. | (1) connection filter
CCE-18147-9 | Set the "Keystore" file permissions as appropriate. | (1) value
CCE-18024-0 | Set the "Keystores" permission value appropriately in directories. | (1) value
CCE-18046-3 | Set the permissions to the WebLogic Server Product Installation directory appropriately. | (1) value
CCE-17425-0 | Set the permissions to the Domain Home directory appropriately. | (1) value
CCE-17216-3 | Enable or disable the "Client Cert Proxy Enabled" attribute appropriately. | (1) enabled/disabled
CCE-18171-9 | Enable or disable the "Auth Cookie Enabled" option appropriately. | (1) enabled/disabled
CCE-18193-3 | Set the "Post Timeout" field appropriately. | (1) seconds
CCE-18198-2 | Set the "Maximum Open Sockets" setting appropriately on the Administration server. | (1) open file descriptors
CCE-18185-9 | Set the permissions to the Middleware Home directory appropriately. | (1) value
CCE-17895-4 | Set the "Complete Message Timeout" appropriately for each custom channel on each server. | (1) number of seconds
CCE-17410-2 | Set the "Idle Connection Timeout" appropriately for each custom channel on each server. | (1) number of seconds
CCE-17239-5 | Set the "Maximum Message Size" appropriately for each custom channel on each server. | (1) number of bytes
CCE-17401-1 | Set the Node Manager Listen Address appropriately. | (1) IP address/hostname of server
CCE-17237-9 | Set the Node Manager "Type" appropriately. | (1) SSH/SSL/RSH/Plain
CCE-18211-3 | Set the "Policy Selection Preference" appropriately. | (1) Security then Compatibility then Performance/Security then Performance then Compatibility/Compatibility then Security then Performance/Compatibility then Performance then Security/Performance then Compatibility then Security/Performance then Security then Compatibility
CCE-17780-8 | Set the "Maximum Open Sockets" setting appropriately on all Managed Servers. | (1) open file descriptors
CCE-18146-1 | Set the "Enforce Constraints" setting on digital certificates as appropriate. | (1) strict/strong/true/off
CCE-17246-0 | Set the "Keystores" field accordingly for each server in the domain. | (1) Custom Identity and Command Line Trust/Custom Identity and Custom Trust/Custom Identity and Java Standard Trust/Demo Identity and Demo Trust
CCE-18013-3 | Enable or disable the "HTTP Access Log File" setting as appropriate on each server. | (1) enabled/disabled
CCE-17907-7 | Set the "Custom Hostname Verifier" field as appropriate. | (1) custom verifier name
CCE-18953-0 | Set the "SSL port enabled" setting appropriately for each server. | (1) enabled/disabled
CCE-18365-7 | Set the "Listen Port Enabled" as appropriate on each server. | (1) enabled/disabled

CCE ID | CCE Technical Mechanisms | Securing a Production Environment for Oracle WebLogic Server 11g Release 1 (10.3.1)
CCE-17933-3 | (1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > General > Complete Message Timeout field
CCE-18113-1 | (1) via 'setDomainEnv.sh' | Note in section 3.2, "Securing a Production Environment for Oracle WebLogic server"
CCE-17853-3 | (1) via the Administration console, Domain Structure > Environment > Servers > Server Name > Configuration > SSL > Advanced > Allow Unencrypted Null Cipher checkbox | Section 3.1, "an important note regarding null cipher use in SSL"
CCE-17743-6 | (1) via the Administration console, Environment > Servers > Server name > Protocols > General > Maximum Message Size field | Table 3-3 in section 3.5, "Securing the WebLogic Security Notice"
CCE-17760-0 | (1) via the Administration console, Domain Name > Security > General > Advanced > Security Interoperability Mode setting
CCE-17888-9 | (1) via the Configuration Wizard (2) via chown | p.21, Table 3-1 in section 3.6, "Securing the WebLogic Security Notice"
CCE-17155-3 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Severity attribute
CCE-17181-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17171-0 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17572-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17740-2 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17652-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17167-8 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-18007-5 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17825-1 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17877-2 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17176-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-18120-6 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17812-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-18009-1 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17296-5 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17798-0 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17335-1 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17736-0 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-18023-2 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17789-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17287-4 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17948-1 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17970-5 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17304-7 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-18088-5 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17179-3 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17893-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17558-8 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17713-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17805-3 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-18091-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler Entries
CCE-17738-6 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Authentication > DefaultAuthenticator > Configuration > Minimum Password Length field
CCE-17254-4 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > User Name Policies section
CCE-18038-0 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Reject if Password Contains the User Name Reversed field
CCE-17182-7 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Maximum Password Length field
CCE-17601-6 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Password Length field
CCE-17892-1 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Maximum Instances of Any Character field
CCE-18028-1 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Maximum Consecutive Characters field
CCE-17183-5 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Alphabetic Characters field
CCE-17186-8 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Numeric Characters field
CCE-17561-2 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Lower Case Characters field
CCE-17979-6 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Upper Case Characters field
CCE-17618-0 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Non-Alphanumeric Characters field
CCE-17763-4 | (1) via the Administration Console, Security Realm > Name of the active Realm > Configuration > User Lockout > Lockout Enabled attribute
CCE-17393-0 | (1) via chmod
CCE-17913-5 | (1) via the Administration Console, Security Realm > Name of the active Realm > User Lockout > Lockout Threshold field
CCE-18068-7 | (1) via the Administration Console, Security Realm > Name of the active Realm > User Lockout > Lockout Duration field
CCE-17464-9 | (1) via the Administration Console, Security Realm > Name of the active Realm > User Lockout > Lockout Reset Duration field
CCE-17856-6 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Adjudication > DefaultAdjudicator > Provider Specific > Require Unanimous Permit attribute
CCE-17794-9 | (1) via the Administration Console, Environment > Servers > Administration Server > Configuration > SSL > Advanced > Host Name Verification setting
CCE-18186-7 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Non-Alphabetic Characters field
CCE-17189-2 | (1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Configuration > Provider Specific > SSL enabled box
CCE-17956-4 | (1) via the Administration Console, Environment > Servers > Server Name > Configuration > SSL > Advanced > Host Name Verification setting
CCE-17960-6 | (1) via the Administration console, Security > General > Advanced > Domain Credential field
CCE-17947-3 | (1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Configuration Archive Enabled checkbox
CCE-17951-5 | (1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Archive Configuration Count field
CCE-17973-9 | (1) via the Administration console, Domain Name > Security Realm > Security Realm of interest > Users and Groups > WebLogic user account > Passwords > Password field
CCE-17603-2 | (1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > SSL Listen Port field
CCE-17964-8 | (1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Console Session Timeout field
CCE-17969-7 | (1) via the Administration Console, Base_Domain > Configuration > General > Production mode checkbox | link down to section 2.4, "install WebLogic server in a secure manner"
CCE-17991-1 | (1) via the Administration Console, Security Realms > name of the Active Realm > Providers > Auditing
CCE-17872-3 | (1) via the Administration Console, Console > Domain Structure > Domain Name > Configuration > General > Advanced > Invocation Timeout Seconds field | link down to section 2.4, "install WebLogic server in a secure manner"
CCE-17612-3 | (1) via the Administration Console, Domain Name > Security > Anonymous Admin Lookup Enabled box
CCE-17196-7 | (1) via the Administration Console, Domain > Security > General > Advanced > Web App Files Case Insensitive textbox
CCE-17201-5 | (1) via the Administration Console, Domain Structure > Configuration > General > Enable Administration Port attribute
CCE-18144-6 | (1) via the Administration Console, Environment > Servers > Server Name > Configuration > SSL > Advanced > SSL Rejection Logging Enabled attribute
CCE-17963-0 | (1) via the Administration Console, Environment > Servers > Server Name > Configuration > SSL > Advanced > Export Key Lifespan attribute
CCE-17844-2 | (1) via the Administration Console, Environment > Servers > AdminServer > Configuration > General > Client Cert Proxy Enabled checkbox
CCE-18077-8 | (1) via the Administration Console > Environment > Servers > Managed Servers > Client Cert Proxy Enabled checkbox
CCE-18082-8 | (1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > Frontend Host field | p30 Table 3-4, "Securing Applications"
CCE-17478-9 | (1) via the Administration Console, Security Realm > Name of the Active Realm > Configuration > General > Advanced > Check Roles and Policies setting
CCE-17482-1 | (1) via the Administration Console, Security Realm > Name of the Active Realm > Configuration > General > Security Model Default setting
CCE-17346-8 | (1) via the Administration Console, Security Realm > Name of the Active Realm > Settings > Advanced > When Deploying Web Applications or EJBs setting
CCE-17208-0 | (1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Configuration Audit Type field
CCE-18128-9 | (1) via the Administration Console, Environment > Servers > Administration Server > Configuration then via WLST or via the Management APIs
CCE-17507-5 | (1) via the Administration Console, Environment > Servers > Configuration > SSL > Advanced > Two Way Client Cert Behavior attribute
CCE-17210-6 | (1) via the Administration Console, Domain > Security > Embedded LDAP > Timeout field
CCE-18126-3 | (1) via the Administration Console, Domain > Security > Embedded LDAP > Anonymous Bind Allowed checkbox
CCE-18148-7 | (1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > Post Timeout Field
CCE-18152-9 | (1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > HTTP Duration Field
CCE-17513-3 | (1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > HTTPS Duration Field
CCE-17769-1 | (1) via the Administration Console, Domain > Environment > Servers > Server > Protocols > HTTP > HTTP Maximum Size field
CCE-17650-3 | In order to configure a connection filter, follow the instructions under the "Configuring Connection Filtering" section of the following URL: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/domain.html#1107380
CCE-17214-8 | In order to configure a connection filter, follow the instructions under the "Configuring Connection Filtering" section of the following URL: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/domain.html#1107380
CCE-18147-9 | (1) via chmod
CCE-18024-0 | (1) via chmod
CCE-18046-3 | (1) via chmod
CCE-17425-0 | (1) via chmod
CCE-17216-3 | (1) via the Administration Console, Domain > Configuration > Web Applications > Client Cert Proxy Enabled Field
CCE-18171-9 | (1) via the Administration Console, Domain > Configuration > Web Applications > Auth Cookie Enabled Field
CCE-18193-3 | (1) via the Administration Console, Domain > Configuration > Web Applications > Post Timeout Field
CCE-18198-2 | (1) via WLST | Oracle® Fusion Middleware Securing a Production Environment for Oracle WebLogic Server 11g Release 1 (10.3.1) E13705-01
CCE-18185-9 | (1) via chmod
CCE-17895-4 | (1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > Channels > General > Complete Message Timeout field
CCE-17410-2 | (1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > Channels > General > Idle Connection Timeout field
CCE-17239-5 | (1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > Channels > General > Maximum Message Size field
CCE-17401-1 | (1) via the Administration Console, Environment > Machines > the machine hosting the WebLogic Admin Server > Configuration > Node Manager > Listen Address setting
CCE-17237-9 | (1) via the Administration Console, Environment > Machines > the machine hosting the WebLogic Admin Server > Configuration > Node Manager > Type setting
CCE-18211-3 | (1) via the Administration Console, domain name > Web Service Security > Web Service Security Configuration name > General > Policy Selection Preference setting
CCE-17780-8 | (1) via the Administration Console, Domain > Environment > Servers > Server Name > Configuration > Tuning > Maximum Open Sockets Field | Oracle® Fusion Middleware Securing a Production Environment for Oracle WebLogic Server 11g Release 1 (10.3.1) E13705-01
CCE-18146-1 | (1) via the Administration Console, Environment > Servers > Server Name > Configuration > Server Start > Arguments (2) via Startup Script | Oracle® Fusion Middleware Securing a Production Environment for Oracle WebLogic Server 11g Release 1 (10.3.1) E13705-01
CCE-17246-0 | (1) via the Administration Console, Environment > Servers > Server Name > Configuration > Keystores > Demo Identity and Demo Trust attribute
CCE-18013-3 | (1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > Logging > HTTP > HTTP Access Log File Enabled checkbox
CCE-17907-7 | (1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > Configuration > SSL > Advanced > Custom Hostname Verification field
CCE-18953-0 | (1) via the Administration Console, Environment > Servers > Administration Server > SSL Listen Port Enabled attribute and SSL Listen Port field
CCE-18365-7 | (1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > Listen Port enabled checkbox

Securing Oracle WebLogic Server 11g Release 1 (10.3.1) | Other WebLogic Documentation
BEA WebLogic Server 10.0 Domain Configuration Schema Reference, See element complete-message-timeout
Oracle® Fusion Middleware Programming JTA for Oracle WebLogic Server 11g Release 1 (10.3.1), link down to 3.3.2.3, "Configuring Security Interoperability Mode"
link down to section 4.6, "configuring the WebLogic auditing provider"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 4.6.1, "auditing context handler elements"
link down to section 5.3, "configuring the default authentication provider"
link down to section 5.8.1, Table 5-7
link down to section 5.8.1, Table 5-7
link down to section 5.8.1, Table 5-7
link down to section 5.8.1, Table 5-7
link down to section 5.8.1, Table 5-7
link down to section 5.8.1, Table 5-7
link down to section 5.8.1, Table 5-7







link down to section 5.8.1, Table 5-7









link down to section 5.8.1, Table 5-7









link down to section 5.8.1, Table 5-7









link down to section 5.8.1, Table 5-7



section 3.3. bullet 8 (link down to section 13.7,

"protecting user accounts")



section 3.3. (link down to section 13.6, "How

Passwords Are Protected in WebLogic

Server")

BEA WebLogic Server Domain Configuration

Schema Reference, See element lockout-threshold

Report Number: I733-033R-2006

Date: December 2006

Oracle Application Server Security

Recommendations

and

DoDI 8500.2 IA Controls can be reached at:

http://www.nsa.gov/ia/_files/app/I733-033R-2006.PDF,

p.27 bullet 4 under "OAS Identity Management"



BEA WebLogic Server Domain Configuration

Schema Reference, See element lockout-reset-duration





link down to section 4.4, "configuring the

WebLogic communication provider"





link down to section 12.4, "using host name

verification"





link down to section 5.8.1 Table 5-7,

"Password Composition Rules and Default

Values" scroll to p70

Report Number: I33-004R-2005

BEA WebLogic Platform Security Guide

Network Applications Team of the Systems

and Network Attack Center (SNAC)

Publication Date: 4 April 2005

Version Number: 1.0 "Security Service

Provides" p25,28







link down to section 12.4, "using host name

verification"





link down to 13.2.2, "Enabling Global Trust"





Introduction to Oracle WebLogic Server, 3

domain configuration files

BEA WebLogic Server 10.0 Domain

Configuration Schema Reference, See

element archive-config-count



BEA WebLogic Server 10.0 Security Schema

Reference, See element administration-port-enabled

BEA WebLogic Platform Security Guide

Network Applications Team of the Systems

and Network Attack Center (SNAC), p. 24

"Domains and Realms"

Oracle® Fusion Middleware Release Notes

11g Release 1 (11.1.1); See Web Applications

Issues and Workarounds

http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14770/weblogic_server_issues.htm#BCFCJGIF









link down to 4.6, "Configuring the WebLogic

Auditing Provider"







BEA WebLogic Server 10.0 Security Schema

Reference, See element anonymous-admin-lookup-enabled

BEA WebLogic Server 10.0 Security Schema

Reference, See element web-app-files-case-insensitive

Oracle® Fusion Middleware Configuring

Server Environments for Oracle WebLogic

Server 11g Release 1 (10.3.3), link down to

4.2.3.2, "Administration Port and

Administrative Channel"







link down to 12, "Configuring SSL"

BEA WebLogic Server 9.0 Domain

Configuration Schema Reference, element

export-key-lifespan



Oracle® Fusion Middleware Developing Web

Applications, Servlets, and JSPs for Oracle

WebLogic Server 11g Release 1 (10.3.1), link

down to B.13.13, "client-cert-proxy-enabled"



Oracle® Fusion Middleware Developing Web

Applications, Servlets, and JSPs for Oracle

WebLogic Server 11g Release 1 (10.3.1), link

down to B.13.13, "client-cert-proxy-enabled"

Oracle® Fusion Middleware

Securing Resources Using Roles and Policies

for Oracle

WebLogic Server

11g Release 1 (10.3.1)

E13747-01. link down to 4.2.1,

"Understanding the Check Roles and Policies

Setting" and 4.2.2, "Understanding the When

Deploying Web Applications or EJBs Setting"

Oracle® Fusion Middleware Securing

Resources Using Roles and Policies for

Oracle WebLogic Server 11g Release 1

(10.3.5), See 4 Options for Securing Web

Application and EJB Resources



Oracle® eDocs > Securing WebLogic

Resources Using Roles and Policies >

Options for Securing Web Application and

EJB Resources





link down to 4.6.2 "Enable Configuration

Auditing"



The WebLogic Server MBean Reference:

JMXMBean - EditMBeanServerEnabled

http://download.oracle.com/docs/cd/E12840_01/wls/docs103/wlsmbeanref/core/index.html

Oracle® Fusion Middleware Securing Oracle

WebLogic Server 11g Release 1 (10.3.5), See

12 Configuring SSL

The WebLogic Server MBean Reference:

EmbeddedLDAPMBean - Timeout

Oracle® Fusion Middleware Administrator's

Guide for Oracle Internet Directory

11g Release 1 (11.1.1);

See Introduction to Anonymous Binds

01 http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/authentication.htm#OIDAG2564

Oracle BEA Administration Console Online

Help;

http://download.oracle.com/docs/cd/E13222_01/wls/docs81/ConsoleHelp/domain_server_protocols_http.html

Oracle® Fusion Middleware Administrator's

Guide for Oracle HTTP Server

11g Release 1 (11.1.1); See Introduction to

Oracle HTTP Server;

http://download.oracle.com/docs/cd/E12839_01/web.1111/e10144/intro_ohs.htm#HSADM101

BEA WebLogic Server 10.0 Domain

Configuration Schema Reference, See

element https-keep-alive-secs





BEA WebLogic Server 10.0 Domain

Configuration Schema Reference, See

element max-http-message-size









link down to 13.3, "Using Connection Filters"



Oracle® Fusion Middleware Securing Oracle

WebLogic Server 11g Release 1 (10.3.5), See

13 Configuring Security for a WebLogic

Domain



Oracle® Fusion Middleware Securing Oracle

WebLogic Server 11g Release 1 (10.3.1), See

"11 Configuring Identity and Trust"





link down to 11, "Configuring Identity and

Trust"



Oracle® Fusion Middleware Installation Guide

for Oracle WebLogic Server

11g Release 1 (10.3.1) -- See Choosing a

Product Installation Directory;

http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14142/prepare.htm#WLSIG112

Oracle® Fusion Middleware Administrator's

Guide 11g Release 1 (11.1.1), See "2

Understanding Oracle Fusion Middleware

Concepts," "2.2 What Is an Oracle WebLogic

Server Domain"



Oracle® Fusion Middleware Developing Web

Applications, Servlets, and JSPs for Oracle

WebLogic Server 11g Release 1 (10.3.1), See

"B weblogic.xml Deployment Descriptor

Elements," then "client-cert-proxy-enabled"

BEA WebLogic Server 10.0 Domain

Configuration Schema Reference, element

auth-cookie-enabled

BEA WebLogic Server 10.0 Domain

Configuration Schema Reference, element

post-timeout-secs

Oracle® Fusion Middleware Installation Guide

for Oracle Identity Management

11g Release 1 (11.1.1) --

Installing Oracle WebLogic Server and

Creating the Oracle Middleware Home

http://download.oracle.com/docs/cd/E12839_01/install.1111/e12002/before.htm#INOIM957

Oracle® Fusion Middleware Performance and

Tuning for Oracle WebLogic Server 11g

Release 1 (10.3.4), See "7 Tuning WebLogic

Server, Reducing the Potential for Denial of

Service Attacks, Tuning Complete Message

Timeout"



BEA WebLogic Server 10.0 Domain

Configuration Schema Reference. See:

element idle-connection-timeout

Oracle® Fusion Middleware Performance and

Tuning for Oracle WebLogic Server 11g

Release 1 (10.3.4), See "14 Tuning WebLogic

JMS," then "Setting Maximum Message Size

for Network Protocols"

Oracle® Fusion Middleware Node Manager

Administrator's Guide for Oracle WebLogic

Server 11g Release 1 (10.3.1), See “4

Configuring Java Node Manager, then

Reviewing nodemanager.properties, Table 4-1

Node Manager Properties”

Oracle® Fusion Middleware Node Manager

Administrator's Guide for Oracle WebLogic

Server 11g Release 1 (10.3.1), See “4

Configuring Java Node Manager, then

Configuring Java-based Node Manager

Security”









Oracle® Fusion Middleware Securing

WebLogic Web Services for Oracle WebLogic

Server 11g Release 1 (10.3.1), See “2

Configuring Message-Level Security, Smart

Policy Selection, Configuring Smart Policy

Selection”

Overview of Security Management, (p7, refers

to Chapter 11 Configure Identity and Trust)

Oracle® Fusion Middleware Configuring

Server Environments for Oracle WebLogic

Server 11g Release 1 (10.3.1), See "5

Configuring Web Server Functionality," then

"Setting Up HTTP Access Logs"

Oracle® Fusion Middleware Programming

Security for Oracle WebLogic Server 11g

Release 1 (10.3.1), See "4 Using SSL

Authentication in Java Clients," then "Using a

Custom Hostname Verifier"

BEA WebLogic Platform Security Guide

Network Applications Team of the Systems

and Network Attack Center (SNAC), p. 24

"Domains and Realms"

BEA WebLogic Platform Security Guide

Network Applications Team of the Systems

and Network Attack Center (SNAC), p. 24

"Domains and Realms"


