Archive for August, 2008

Support 4G or more memory for Fedora / RHEL / CentOS

Sunday, August 17th, 2008

If you have 4 GB or more RAM use the Linux kernel compiled for PAE capable machines. Your machine may not show up total 4GB ram. All you have to do is install PAE kernel package.

This package includes a version of the Linux kernel with support for up to 64GB of high memory. It requires a CPU with Physical Address Extensions (PAE).
The non-PAE kernel can only address up to 4GB of memory. Install the kernel-PAE package if your machine has more than 4GB of memory (>=4GB).

To install PAE Kernel.

yum install kernel-PAE

Enable Alfresco to Audit all Read Request

Saturday, August 9th, 2008

http://wiki.alfresco.com/wiki/Audit_Configuration

Alfresco Audit is note turn on by default.

Create custom-audit-services-context.xml in the extension directory

<?xml version=’1.0′ encoding=’UTF-8′?>
<!DOCTYPE beans PUBLIC ‘-//SPRING//DTD BEAN//EN’ ‘http://www.springframework.org/dtd/spring-beans.dtd’>

<beans>
<!– The configuration of the audit model –>

<bean id=”auditConfiguration” class=”org.alfresco.repo.audit.AuditConfigurationImpl”>
<property name=”config”>
<value>alfresco/extension/auditConfig.xml</value>
</property>
</bean>
</beans>

Create auditConfig.xml in the extension directory

<?xml version=”1.0″ encoding=”UTF-8″ ?>
<!– Default Audit Configuration –>
<Audit xmlns=”http://www.alfresco.org/model/audit/1.0” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” enabled=”true” auditInternal=”false” mode=”all”>

<Service name=”ContentService” mode=”none”>
<Method name=”getWriter” mode=”all”/>
<Method name=”transform” mode=”all”/>
<Method name=”getReader” mode=”all”/>
</Service>
<Service name=”FileFolderService” mode=”none”>
<Method name=”rename” mode=”all”/>
<Method name=”move” mode=”all”/>
<Method name=”copy” mode=”all” auditInternal=”true”/>
<Method name=”create” mode=”all”/>
<Method name=”delete” mode=”all”/>
<Method name=”makeFolders” mode=”all”/>
<Method name=”getWriter” mode=”all”/>
<Method name=”getReader” mode=”all”/>
</Service>
</Audit>

To view the Audit trail
View Details >> Custom Views >> Modify >> show_audit.ftl Template >> ok

Secure Alfresco with https

Saturday, August 9th, 2008

It is simple to setup TomCat to use HTTPS – see the file tomcat/conf/server.xml –

Change redirectPort=”8443″ to “443”

<!– Define a non-SSL HTTP/1.1 Connector on port 8080 –>
<Connector port=”80″ URIEncoding=”UTF-8″ maxHttpHeaderSize=”8192″
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” redirectPort=”443″ acceptCount=”100″
connectionTimeout=”20000″ disableUploadTimeout=”true” />

unremark the SSL HTTP/1.1 Connector and change port to 443

<!– Define a SSL HTTP/1.1 Connector on port 8443 –>
<Connector port=”443″ maxHttpHeaderSize=”8192″
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” disableUploadTimeout=”true”
acceptCount=”100″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” />

Generate Keystore
* Execute:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)

with a password value of “changeit” for both the certificate and
the keystore itself.