for Solaris Frequently Asked Questions
Q: How do I uninstall this product?
A: Type: /usr/sbin/http_uninstall
Q: How do I set the HTML
Root path to a different path then the default
HTML Root path in Apache?
A: If Apache is used as your web server, you should
update your httpd.conf file under the Apache
directory. Change the DocumentRoot according to
the HTML Root path currently used for your
homepage. During installation of HTTProtect, you
need to update only the HTML DocumentRoot
accordingly and leave the rest of Apache
directories un-touched. This will get your
homepage protected. In the case you do not have
Apache, you can install it from our CD. Once you
have Apache installed, you can update httpd.conf
accordingly.
CAUTION: Apache needs to be
restarted when the httpd.conf file is modified to
take effect. Execute the following commands to
restart Apache:
/usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl start
Q: What if I set
different HTML root path on httpd.conf file then
that in installation?
A:
Your HTTProtect GUI will have missing icons. The
DocumentRoot path in httpd.conf file must be the
same one specified during HTTProtect installation. You may
re-install HTTProtect to correct it.
Q: What is the lock_list?
A:
HTTProtect hardens certain directories automatically
upon initial installation. The hardened list is located in
/etc/omnisecure/lock_list. A sample lock_list is shown below.
/usr/local;node;firm
/sbin;tree;firm+
Each line has three fields, separated by semicolons.
The 1st field is the directory to
be hardened. The 2nd field is the node or
tree. The 3rd field is 'firm' for node
and ' firm+' for tree. man omnish
will give a more complete explanation of the
lock_list.
Q: How do I harden
and/or un-harden a directory in the Web?
A:
HTTProtect is designed to protect the web site on web
server. If you are using Apache, then the Apache related
directories are automatically
protected after installation. You can harden individual
directories by clicking the lock icon under
"size" row of the File Manager on
HTTProtect GUI. A closed lock icon indicates a
hardened directory.
Q: How do I harden
and/or un-harden a directory in the Server?
A: The
system hardening on the web server is done
through the file called lock_list. To do
hardening/unhardening, one needs to update the
lock_list file with omnish privilege. Execute the
following commands after the lock_list is modified
for the hardening to take into effect:
Hardening: omnish -h
Unhardening: omnish -u
CAUTION:
The lock_list is
used for system harden/unharden purpose. Web HTML
related hardening must be done as shown in the previous
question. Also, we
recommend to follow the sequence when updating
the lock_list:
omnish -u
(update the lock_list)
omnish -h
Q: How do I change my
"omnish" pass phrase?
A:
Type: omnish -c
Q: What if I forgot my
"omnish" pass phrase?
A: The current "omnish" password
is required to change it from the command line.
However, it can be reset to re-create a new
one. This method can be used to change the
password or recover a system if the password is
lost:
- Stop the server (press Stop-A on the keyboard console, or send a Telnet BRK).
- Re-boot the system in single user mode at the OK prompt: boot -s
- Remove the old HTTProtect sys admin id file: rm /etc/omnisecure/.vpdlock
- Re-boot the system: reboot
- Run omnish to set the new password.
Q: What is the effect of writing to a symbolic link file?
A: Symbolic links have the same protections as the files they
point to. If the target file is locked with a particular key, the
symlink pointing to that file will require the same key for access
to the file's contents. However, without this key, certain
operations (such as
cp -f, mv -f and some editors) cause the
symlink to be replaced with a normal file. The locking on this
new file will be determined by the lock on its directory, while the
target of the (former) symlink will be unaffected.
Q: Does this product support multi-CPU server?
A:
No. This release will only support single CPU. A future
version of HTTProtect will support multi-CPU systems.