15.3 Security Configuration

The following sections provides a summary of security-related configuration settings for QuickFinder:

15.3.1 QuickFinder Configuration Settings

The following table lists the QuickFinder configuration settings that are security-related or impact the security of QuickFinder.

Table 15-2 QuickFinder Security Configuration Settings

Configuration Setting

Possible Value

Default Value

Recommended Value for Best Security

QFind.cfg > MsgDetail

“Level of detail in indexing logs:” -1 through 5

3

5

QFind.cfg > AutoTimeOut

“Maximum query duration (seconds).” Any integer.

30 seconds

15

QFind.cfg > CheckRights

“Authorization checking:” Off | Index | ResultItem

Off

ResultItem

QFind.cfg > CheckRightsFilePath

“by Index (Only users that have read access to the following file have access to the index)” Any string value

Points to /docs/index.html

A file that is more rights-controlled

QFind.cfg > CheckRightsFilter

“Unauthorized hits filtered by” Engine | Templates

Engine

Engine

QFind.cfg > UserID

“Basic Authentication: User ID“ Any string value

“”

If possible, crawl public only.

QFind.cfg > Password

“Basic Authentication: Password“ Any string value

“”

If possible, crawl public only.

QFind.cfg > AuthFields

“Form-based Authentication” fields Any string value

“”

If possible, crawl public only.

QFind.cfg > LoginURL

“Alternate Login URLs” Any string value

“”

If possible, crawl public only.

QFind.cfg > HTTPHeaders

“HTTP Headers:” any string value

“”

“”

QFind.cfg > IndexLocation

“Location of index files:” Any directory in the file system Any string value

<qfsearch>/Sites/<VSS name>/indexes/<index name>

Any directory that is secured.

QFind.cfg > CanBeMirrored

“Index may be copied to other clustered servers:” true | false

FALSE

FALSE

AdminServlet.properties > AdminServlet.RequireSSL

“Require HTTPS when administering QuickFinder Server:” true | false

TRUE

TRUE

AdminServlet.properties > AdminServlet.Authenticate

“Require authorization when administering QuickFinder Server:” true | false

TRUE

TRUE

AdminServlet.properties > AdminServlet.ProductUpdates.Enabled

“Check for product updates:” true | false

TRUE

FALSE

AdminServlet.properties > AdminServlet.ProductUpdates.URL

Not in UI Any string value

http://search.novell.com/qfsearch/UpdateServlet

“”

???????.properties > GeneralServlet.Errors.Enabled QueryLog.Enabled ClusterServices.Log.Enabled

“Log Enabled” true | false

TRUE

TRUE

????????.properties > GeneralServlet.Errors.Destination ClusterServices.Log.Destination

“Log to:” File | Console | Both

Both

Both

???????.properties > GeneralServlet.Errors.LogFile.DeleteOnRestart ClusterServices.Log.DeleteOnRestart

“New log when services load:” true | false

TRUE

FALSE

???????.properties > GeneralServlet.Errors.LogFile.MaxSize ErrorLog.MaxSize ClusterServices.Log.MaxSize

“Maximum log size (bytes):” Any positive integer

30000

30000

GeneralServlet.properties > GeneralServlet.Mail.Enabled

“Enable e-mail services:” true | false

FALSE

TRUE

GeneralServlet.properties > GeneralServlet.Mail.SMTPHost

“Outgoing SMTP Host name:” Any string value

“”

The name of the local SMTP mail server.

GeneralServlet.properties > GeneralServlet.Mail.SMTPPort

“Outgoing SMTP Port #:” Any positive integer

25

The correct port of the local SMTP server.

GeneralServlet.properties > GeneralServlet.Mail.SMTPUserID

“Outgoing SMTP User ID (optional):” Any string value

“”

The UserID of the local SMTP mail server.

GeneralServlet.properties > GeneralServlet.Mail.SMTPPassword

“Outgoing SMTP Password (optional):” Any string value

“”

The password of the local SMTP mail server.

Cluster.properties > ClusterServices.Send.Enabled

“Will this machine send cluster data:” true | false

FALSE

FALSE

Cluster.properties > ClusterServices.Receive.Enabled

“Will this machine receive cluster data:” true | false

TRUE

FALSE

Cluster.properties > ClusterServices.RequireHTTPS

“Require HTTPS for all cluster communications:” true | false

FALSE

TRUE

Cluster.properties > ClusterServices.Authentication.RequireAuthentication

“Require admin authorization when receiving cluster data:” true | false

TRUE

TRUE

SiteList.properties > SiteList.GlobalSite

“Default location of virtual search servers:” Any string value

<QFSearch>/sites

A protected file system location.

SiteList.properties > Monitor.SiteCache.DynamicUpdates

“Detect manual search server changes:” true | false

TRUE

FALSE

SiteList.properties > Monitor.TemplateCache.DynamicUpdates

“Detect template changes:” true | false

TRUE

FALSE

General.properties > Monitor.SiteCache.PurgeSiteSeconds

Not in UI Defaults to 20 minutes Any non-negative integer

1200

60

General.properties > QueryLog.Mail.Enabled

“E-mail log reports:” true | false

FALSE

FALSE

General.properties > Recipients

“...enter recipients...”

“”

“”

General.properties > Site.Cluster.Send.Enabled

“Let Virtual Search Server send cluster data:” true | false

FALSE

FALSE

General.properties > Site.Cluster.Send.ClusterNames

“Name of clusters to send to:” Any string value

“”

“”

General.properties > Site.Cluster.Receive.Enabled

“Let Virtual Search Server receive cluster data:” true | false

FALSE

FALSE

General.properties > Response.PotentialHits.Max

“Refuse queries if potential hits exceed:” Any positive integer.

10000

5000

Search.properties > Print.properties > Search.Request.NumHits.Max Search.BestBet.NumHits.Max Print.Request.NumHits.Max

“Maximum number of results per page:” Any positive integer up to “Highest allowed result number:”

200 5 200

100 5 25

Search.properties > Print.properties > Search.Request.LastHitNum.Max Print.Request.LastHitNum.Max

“Highest allowed result number:” Any positive integer

1000 1000

200 200

Search.properties > Print.properties > Search.Templates.Directory Print.Templates.Directory Highlighter.Templates.Directory

“Templates directory:” Any string value

<qfsearch>/Templates

A rights-controlled directory.

Print.properties > Print.Response.PrintSize.Warning

“Print job size warning (bytes):” Any positive integer

102400

40960

Print.properties > Print.Response.PrintSize.Max

“Maximum print job size (bytes):” Any positive integer

2097152

512500

Security.properties > Security.Authentication.RealmString

“Authentication realm string:” (Only used if LoginType is set to basic, 0) Any string value

“QuickFinder Server”

Best if it matches the Web server’s realm.

Security.properties > Security.LoginType

Not in UI 0 - login type basic 1 - login type form

1

1

Security.properties > Security.CheckRightsByDir

“Check authorization by directory:” true | false

TRUE

FALSE

Security.properties > Security.AutoLogoutTime

“Auto-logout time (minutes):” Any positive integer -1 == never log out

30

5

Security.properties > Security.RequireHTTPS

“Require https:” true | false

TRUE

TRUE

15.3.2 Configuration Settings for Other Products

The following table lists the configuration settings for other products that impact the security of QuickFinder.

Table 15-3 Configuration Settings for Other Products

Product Name

Configuration Setting

Default Value

Recommended Value for Best Security

PAM

Rights to the shadow group on Linux

Not made a member of this group.

Not made a member of this group, but requires that eDirectory is installed.