Scalix Forums


http://www.scalix.com/forums/

Tighten SAC Login procedure

http://www.scalix.com/forums/viewtopic.php?f=2&t=18112

Page 1 of 1

Tighten SAC Login procedure

Posted: Mon Aug 16, 2010 11:29 am
by charon
Hi,

I'm getting more and more log-in failures and would like to increase security for the sxadmin user (SAC).
Is it possible to add an additional htaccess login before the /SAC ?
I could not find the IP Address of the failed login in the old audit.logs because they are only stored one week!?
How do you guys solve this issue?

charon

Re: Tighten SAC Login procedure

Posted: Tue Aug 17, 2010 5:19 am
by ls-al
As this an interesting task I spent some minutes to try it by myself.
Example solution for CentOS5.5:

Code: Select all

[root@master ~]# cd /etc/opt/scalix-tomcat/connector/ajp/
[root@master ajp]# htpasswd -c htaccess.sac admin
New password:
Re-type new password:
Adding password for user admin
[root@master ajp]# vi app-master.sac.conf
[root@master ajp]# cat app-master.sac.conf
ProxyPass /sac  ajp://master.scalixtraining.com:8009/sac
<Location /sac>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/opt/scalix-tomcat/connector/ajp/htaccess.sac
    Require valid-user
    AuthBasicProvider file
</Location>
[root@master ajp]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:


I had to provide the credential I have created with the htpasswd tool.

Failed logins will rather be logged in the scalix-caa.log.
Weekly rotation of the audit log is usually done by "sxmaint -daily". If you want to keep them for a longer time you can use your own script to do the rotation.

Re: Tighten SAC Login procedure

Posted: Tue Aug 24, 2010 12:23 pm
by charon
it really works like a charm.
i just missed your answer.
really good work!
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/