dynamic configuration of freeradius server - dynamic

Currently we have to restart radiusd every time after making configuration changes. According to this man page (https://freeradius.org/radiusd/man/radmin.html) some configurations can be huped using radmin so that dynamic configuration change can be done without server restart. However, this page does not give much details on what configuration can be huped, eg. I tried to hup an eap configuration but it is not supported. Is there a check list of modules/parameters configuration that are supported by hup method?

Related

Tomcat, hide javax.net.ssl.keyStorePassword from -D options

The application installed on Tomcat (9.0.36.B.RELEASE) connects to an external source using SSL (in this case, IBM MQ). I therefore need to specify a truststore, and password for this truststore.
I got it to work adding this to the JVM_OPTS in setenv.sh:
-Djavax.net.ssl.trustStore=/opt/apps/certs/myapplication.truststore
-Djavax.net.ssl.trustStorePassword=TRUSTSTORE-PASSWORD
-Djavax.net.ssl.keyStore=/opt/apps/certs/myapplication.keystore
-Djavax.net.ssl.keyStorePassword=KEYSTORE-PASSWORD
Classic issue with this, the passwords are visible when I do ps -ef|grep java (runs on RHEL).
I have seen a couple suggestions on how to do this (like Hiding plain text password in JVM startup argumnets. " ps -ef | grep 'javax.net.ssl.keyStorePassword'"). But these change/add code or configuration in the WAR file.
I am looking for a "tomcat" solution. Is there a way to to this within the confines of Tomcat. Changes to the WAR file are difficult to implement, as the application comes from a vendor.
Note: this is not for a connector configuration in web.xml since that would only setup SSL for incoming connections. Here the application is making connections to an external system (so outbound from Tomcat's perspective).
You can add additional properties to $CATALINA_BASE/conf/catalina.properties and they will be sourced during Tomcat's startup. As you are certainly aware, system properties are global to the JVM, so there is no way to restrict this configuration to a single application only: the entire Tomcat server will be affected.
Almost all Java system properties can by set this way, with a few exceptions:
catalina.base and catalina.home (obviously),
the configuration for Tomcat logging,
the configuration for JMX and other tools that start before user code.
Attention: You must check whether the VersionLoggerListener (defined in server.xml) does not have logProps="true", otherwise the values of system properties will be logged. By default only the JVM arguments are logged.

Apache Security settings - unsure of where to find in Config file

This is my first post under the Apache tag, so not sure if I have posted it in the correct spot. Apologies if it's not.
We recently had an audit done on our Apache server. It's running on a Windows Server 2012 R2, and I installed Apache 2.4.27 through WAMP.
The results from the Audit are fairly specific, but I don't know where to go in the Config file to fix these. My IMIT department has gone through a number of changes and we no longer have someone who can help me, so I'm stuck.
The three areas I need to correct are:
1) MISSING SECURITY HEADERS Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
2) Recommendation: Make sure that browsable directories do not leak confidential informative or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
3) The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.
I have looked in the config and in various documentation online but the Windows install for Apache seems to be unique, and I don't want to risk screwing up something that breaks the install.
Any ideas would be greatly appreciated.
Chris
Find httpd.conf file. It should be in the conf folder in the localization where Apache is installed like for ex:
C:/Apache/Apache/conf/httpd.conf
If you're not sure where that is - open task manager, find httpd.exe and check it's properties.
Then add required configuration there.
Check out this helpful github:
https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess
You can check your configuration files for syntax errors without starting the server by using apachectl configtest or the -t command line option.

Weblogic run configuration in IntelliJ idea - disable basic authentication

I need to disable basic auth on weblogic server, which can be done by adding <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> into config.xml in a weblogic domain.
I'm deploying a web service to weblogic directly from IntelliJ Idea and every time I start deploy, the config.xml is replaced by a new one, so I cannot change config manually. I guess I need to pass some extra arguments in IntelliJ's run configuration. Does anyone has any experiences with this?
It was my mistake. I tried to modify config.xml and forgot my server is still running. According to this page I think it's pretty obvious why this happens. So, it has nothing to do with IntelliJ Idea.
Caution: Do not edit configuration files for a domain that is
currently running. Because Oracle WebLogic Server rewrites the files
periodically, your changes will be lost. Depending on your platform,
you also could cause Oracle WebLogic Server failures.

Tomcat Apache server restart required too frequently

It is troublesome to restart he server every time content gets changed. Is there any utility that detects if the content edited does not affect the working of code eg. changing variable value?
I am curious what type of change you're making. When you make a change in javascript, there is no need to restart the Tomcat server. But if you modify any thing which needs to compile then only you need to restart after recompilation. But you can configure tomcat for reload automatically your servlets, configure the attribute re-loadable to true of the Context. Take a look at context.xml.

Logging not working for additional tomcat instances

I have a tomcat installation that is the default one. This is also setup to start automatically when my system starts. This default installation can be started or stopped with
sudo /etc/init.d/tomcat7 start | stop | restart
Logging works for this installation.
I also have 2 other tomcats (other version of tomcat7 installed on this system). Both of these instances are installed in the project workspaces. These tomcat instances are added to projects using the Servers view. Logging does not work for them at all. (I can't find anything if I look into their logs folders). What do I need to change to activate logging for these installations.
For the configuration of the DailyRollingFileAppender you can have a look at the answer for this question: log4j properties DailyRollingFileAppender does not work or other similar posts.
In order to check if the log4j configuration is really read or not, you can turn on debugging by adding this parameter in the start configuration:
-Dlog4j.debug
The appender should work as soon as this is activated. Check your home folder or your logs folder to see if it works.
You can essentially add this type of appender for each extra Tomcat you have in your configuration.