Objective
This document focuses on setting up folder permissions for the installation directory to ensure seamless usability and to secure the installation from unauthorized access. Unauthorized access to the installation directory could enable a user to tamper with the directory's contents, leading to security risks such as sensitive data exposure and operational risks such as making the product unusable. This document discusses the measures to prevent unauthorized users from accessing the EventLog Analyzer installation directory and modifying its contents.
Prerequisites
- Have access to the server where EventLog Analyzer is installed as an administrator.
Steps to follow
To prevent unauthorized access to the EventLog Analyzer installation directory for Linux, follow the steps below based on your build version of EventLog Analyzer.
Case 1: For new EventLog Analyzer installations, builds 12445 and above
For new installations of builds 12445 and above, only the following types of user accounts are automatically provided access to the installation directory:
Case 2: For existing EventLog Analyzer installations, builds lower than 12445
Unauthorized users can be prevented from accessing the EventLog Analyzer installation directory for builds lower than 12445 by setting up permissions using a .sh file.
With this method, access to the installation directory is automatically restricted to only the necessary accounts. There are two ways to do this:
Option 1: Update to build 12445. Navigate to the <Product Installation Directory>/bin folder (by default: /opt/ManageEngine/EventLog Analyzer/bin) and run the setAppPermission.sh file from an elevated Command Prompt.
Option 2: Download this zip file. Extract the zip and move setAppPermission.sh to the <Product Installation Directory>/bin folder. Run the setAppPermission.sh file from an elevated Command Prompt. Tips
Secure your installation with limited access to ensure data security and integrity.
Use a service account to start the service and offer full control only to the service account and selective user accounts (for backup purposes).