This page provides security recommendations and links to various other help documents relating to Iguana security.
Installation security [top]
- For security reasons we recommend changing the administrator password on production systems.
We strongly recommend changing the password on production systems immediately after installing Iguana.
- Using minimum Service/Daemon user permissions to secure Iguana
We recommend minimizing the Iguana Service/Daemon access permissions to improve security. Restricting access is most important for Production server security.
Other security related articles [top]
- Encrypt Password in File
This repository channel shows how to store a password securely in a configuration file. To do this we encrypt the password and save it to the configuration file, and then we load and decrypt it at runtime when it is needed.
- How to create self-certified SSL certificate and public/private key files
Iguana only supports OpenSSL SSH-2 private keys and certificates in PEM format, these must not be password protected.
- Using SSL security, certificates and verify peer etc
For production systems you will need to get your SSL certificates from a reputable Certificate Authority.
- Limiting Access to the Log Directory
We strongly recommend limiting/minimizing access to the log directory of Iguana production systems.