X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fdocs%2Fsecurity.pod;fp=rt%2Fdocs%2Fsecurity.pod;h=b8650e05d49d650515ac5161dbc7f868aeb797fb;hp=0000000000000000000000000000000000000000;hb=6587f6ba7d047ddc1686c080090afe7d53365bd4;hpb=47153aae5c2fc00316654e7277fccd45f72ff611 diff --git a/rt/docs/security.pod b/rt/docs/security.pod new file mode 100644 index 000000000..b8650e05d --- /dev/null +++ b/rt/docs/security.pod @@ -0,0 +1,77 @@ +=head1 RT Security + +=head2 Reporting security vulnerabilities in RT + +If you believe you've discovered a security issue in RT, please send an +email to with a detailed description of the +issue, and a secure means to respond to you (such as your PGP public +key). + +More information is available at L. + +=head2 Security tips for running RT + +=over + +=item * + +Protect your RT installation by making it only accessible via SSL. This +will protect against users' passwords being sniffed as they go over the +wire, as well as helping prevent phishing attacks. If you use SSL, you +will need to install some additional Perl libraries so that C +can connect. You can use the C<--enable-ssl-mailgate> command to +configure to automate the installation of these dependencies. This is +documented further in step 10 of the README. + +You should use a certificate signed by a reputable authority, or at very +least a certificate signed by a consistent local CA, which you configure +your local systems to trust. If your SSL certificate is self-signed, it +does little to prevent phishing, as users are trained to accept the +unauthorized certificate. See also the C<--no-verify-ssl> flag to +C. + +=item * + +Be sure to change the password for the C user of RT. The default +password is C. This can be changed via the RT web interface +at: Preferences > About me + + +=item * + +Be sure to protect your F file if it contains database +credentials or other sensitive information. This file only needs to be +readable by RT and your web server. One way to accomplish this is to +make the file readable only by root and the group that RT runs as, and +then make sure your web server is a member of that group. Advanced +configuration may be required if other users have the ability to run +CGIs or access the server where RT is running. + + +=item * + +Be sure to protect your database. If it does not need to talk to the +world, then don't allow it to listen for remote connections. With MySQL +this can be accomplished via C. If you use your +database for other things and must allow remote connections, be sure to +use a strong, hard to guess password for RT. + + +=item * + +Apache, lighttpd, and most other web servers support name based virtual +hosts. When possible, configure RT as a name based virtual host to +raise the bar against DNS rebinding attacks. If you see RT when you +visit http://your.servers.ipaddress.here, it means you are likely not +getting this additional protection. + + +=item * + +Use groups to organize RT permissions. Granting permissions per-user +makes them, in general, more easily over-granted and forgotten, and more +likely to diverge from each other, forming a maintenance hassle. + +=back + +=cut