From b2c4da037cb6eeda0d56b24f306c6ff41a9b1e9b Mon Sep 17 00:00:00 2001 From: Rosemary Marano Date: Fri, 6 Aug 2021 14:43:58 -0400 Subject: [PATCH 1/3] security validations FAQ --- .../content/faq/security-validation.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 documentation/staging/content/faq/security-validation.md diff --git a/documentation/staging/content/faq/security-validation.md b/documentation/staging/content/faq/security-validation.md new file mode 100644 index 00000000000..3c4cb67ed2f --- /dev/null +++ b/documentation/staging/content/faq/security-validation.md 
@@ -0,0 +1,30 @@ +--- +title: "Handling security validations" +date: 2020-06-30T08:55:00-05:00 +draft: false +weight: 14 +description: "Why am I seeing these security warnings?" +--- + +> After applying the July2021 PSU, I'm now seeing security warnings, such as: +> +> Description: Production Mode is enabled but user lockout settings are not secure in realm: myrealm, i.e. LockoutThreshold should not be greater than 5, LockoutDuration should not be less than 30. +> +> SOLUTION: Update the user lockout settings (LockoutThreshold, LockoutDuration) to be secure. + +WebLogic Server has a new, important feature to ensure and help you secure your WLS domains when running in production. With the July 2021 PSU applied, WebLogic Server regularly validates your domain configuration settings against a set of security configuration guidelines to determine whether the domain meets key security guidelines recommended by Oracle. For more information and additional details, see [MOS Doc 2788605.1](https://support.oracle.com/rs?type=doc&id=2788605.1) "WebLogic Server Security Warnings Displayed Through the Admin Console" and [Review Potential Security Issues](https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/lockd/secure.html#GUID-4148D1BE-2D54-4DA5-8E94-A35D48DCEF1D) in _Securing a Production Environment for Oracle WebLogic Server_. + +Warnings may be at the level of the JDK, or that SSL is not enabled. They may recommend that you take an external action like setting the right permissions in the `DOMAIN_HOME` file system. Some warnings may recommend updating your WebLogic configuration. + +Depending on your [domain home source type]({{< relref "/userguide/managing-domains/choosing-a-model/_index.md" >}}), you may need to: + + +- For Domain in PV, use the WebLogic Scripting Tool (WLST), WebLogic Server Administration Console, or WebLogic Deploy Tooling (WDT) to make the recommended configuration changes. 
+ +- For Domain in Image, create a new image with the recommended configuration changes. + +- For Model in Image, make configuration changes in the model. + + - For Model in Image domains, you may want to use [runtime updates]({{< relref "/userguide/managing-domains/model-in-image/runtime-updates.md" >}}). + + - For other domain home source types, you may want to use [configuration overrides]({{< relref "/userguide/managing-domains/configoverrides/_index.md" >}}). From 156df2b67fb9f64ade5e580b185fcc70e9f4a9e8 Mon Sep 17 00:00:00 2001 From: Rosemary Marano Date: Sun, 8 Aug 2021 07:11:11 -0400 Subject: [PATCH 2/3] incorporate Toms suggestion --- .../staging/content/faq/security-validation.md | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/documentation/staging/content/faq/security-validation.md b/documentation/staging/content/faq/security-validation.md index 3c4cb67ed2f..69c45caacc9 100644 --- a/documentation/staging/content/faq/security-validation.md +++ b/documentation/staging/content/faq/security-validation.md 
@@ -16,15 +16,10 @@ WebLogic Server has a new, important feature to ensure and help you secure your Warnings may be at the level of the JDK, or that SSL is not enabled. They may recommend that you take an external action like setting the right permissions in the `DOMAIN_HOME` file system. Some warnings may recommend updating your WebLogic configuration. -Depending on your [domain home source type]({{< relref "/userguide/managing-domains/choosing-a-model/_index.md" >}}), you may need to: +You can make the recommended configuration changes using an approach that depends on your [domain home source type]({{< relref "/userguide/managing-domains/choosing-a-model/_index.md" >}}): +- For Domain in PV, use the WebLogic Scripting Tool (WLST), WebLogic Server Administration Console, WebLogic Deploy Tooling (WDT), or [configuration overrides]({{< relref "/userguide/managing-domains/configoverrides/_index.md" >}}). -- For Domain in PV, use the WebLogic Scripting Tool (WLST), WebLogic Server Administration Console, or WebLogic Deploy Tooling (WDT) to make the recommended configuration changes. +- For Domain in Image, create a new image with the recommended changes or use [configuration overrides]({{< relref "/userguide/managing-domains/configoverrides/_index.md" >}}). -- For Domain in Image, create a new image with the recommended configuration changes. - -- For Model in Image, make configuration changes in the model. - - - For Model in Image domains, you may want to use [runtime updates]({{< relref "/userguide/managing-domains/model-in-image/runtime-updates.md" >}}). - - - For other domain home source types, you may want to use [configuration overrides]({{< relref "/userguide/managing-domains/configoverrides/_index.md" >}}). +- For Model in Image, supply model files with the recommended changes in its image's `modelHome` directory or use [runtime updates]({{< relref "/userguide/managing-domains/model-in-image/runtime-updates.md" >}}). 
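Review bot: In the new Model in Image bullet, "in its image's `modelHome` directory" has no clear antecedent for "its", since the sentence has no domain or resource as its subject; "in the `modelHome` directory of the domain's image" would read unambiguously. The other two bullets both end with the same configuration overrides link while this one ends with runtime updates, so a short clause saying that difference is intentional would stop readers from assuming that overrides were left out of the Model in Image bullet by mistake.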
From 821a6e7bc2f1ded427f61db523bd39951d7c03d5 Mon Sep 17 00:00:00 2001 From: Rosemary Marano Date: Mon, 9 Aug 2021 13:54:50 -0400 Subject: [PATCH 3/3] incorporate Monica's edit --- documentation/staging/content/faq/security-validation.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/documentation/staging/content/faq/security-validation.md b/documentation/staging/content/faq/security-validation.md index 69c45caacc9..229f6d65284 100644 --- a/documentation/staging/content/faq/security-validation.md +++ b/documentation/staging/content/faq/security-validation.md 
@@ -14,9 +14,7 @@ description: "Why am I seeing these security warnings?" WebLogic Server has a new, important feature to ensure and help you secure your WLS domains when running in production. With the July 2021 PSU applied, WebLogic Server regularly validates your domain configuration settings against a set of security configuration guidelines to determine whether the domain meets key security guidelines recommended by Oracle. For more information and additional details, see [MOS Doc 2788605.1](https://support.oracle.com/rs?type=doc&id=2788605.1) "WebLogic Server Security Warnings Displayed Through the Admin Console" and [Review Potential Security Issues](https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/lockd/secure.html#GUID-4148D1BE-2D54-4DA5-8E94-A35D48DCEF1D) in _Securing a Production Environment for Oracle WebLogic Server_. -Warnings may be at the level of the JDK, or that SSL is not enabled. They may recommend that you take an external action like setting the right permissions in the `DOMAIN_HOME` file system. Some warnings may recommend updating your WebLogic configuration. - -You can make the recommended configuration changes using an approach that depends on your [domain home source type]({{< relref "/userguide/managing-domains/choosing-a-model/_index.md" >}}): +Warnings may be at the level of the JDK, or that SSL is not enabled. Some warnings may recommend updating your WebLogic configuration. You can make the recommended configuration changes using an approach that depends on your [domain home source type]({{< relref "/userguide/managing-domains/choosing-a-model/_index.md" >}}): - For Domain in PV, use the WebLogic Scripting Tool (WLST), WebLogic Server Administration Console, WebLogic Deploy Tooling (WDT), or [configuration overrides]({{< relref "/userguide/managing-domains/configoverrides/_index.md" >}}).
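Review bot: The deleted sentence "They may recommend that you take an external action like setting the right permissions in the `DOMAIN_HOME` file system." was the only place the page said that some warnings are resolved outside the WebLogic configuration, and after this hunk the list covers configuration changes only, so a reader who sees a file-permission warning gets no direction. Consider keeping a short form of that sentence ahead of "Some warnings may recommend updating your WebLogic configuration." In the retained first sentence, "Warnings may be at the level of the JDK, or that SSL is not enabled" is not parallel; something like "Warnings may concern the JDK or report that SSL is not enabled" reads cleanly.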
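Review bot: In [PATCH 1/3], the front matter of the new security-validation.md sets `date: 2020-06-30T08:55:00-05:00`, which is earlier than both the commit date (6 Aug 2021) and the July 2021 PSU the page describes, so it looks carried over from another FAQ page; set it to the date this page was written. In the same hunk the quoted question says "July2021 PSU" while the body says "July 2021 PSU"; use the spaced form in both places. The opening sentence "a new, important feature to ensure and help you secure your WLS domains" leaves "ensure" without an object, and "help you secure your WLS domains" alone carries the meaning.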