Advisory: Bind Content Search and Document Converter to 127.0.0.1 Only
- Content Search Service
- Document Converter Service
Binding these services to 127.0.0.1 ensures that only connections from the local web server can reach them.
CodeLathe recommends that all FileCloud administrators make the following changes and verify them to ensure they are running a secure configuration.
Note: This article applies only to FileCloud On-Premise installations. If you are a FileCloud Online customer, your system is not affected.
To Ensure Your Services are Secure
You can download our script and run it on your server to fix this automatically.
1. Fix bindings by running a script.
FileCloud on Windows – modifies the affected service: Document Converter.
FileCloud on Linux (including VM / OVF) – modifies the affected services: Document Converter and Content Search Service.
2. Manually verify bindings.
Fix Bindings on Windows
Affected Services: Document Converter
Not Affected: Content Search Server
You MUST run the script as an Administrator.
When you open a Windows PowerShell prompt, run it as an Administrator.
To run the PowerShell script:
- Download the PowerShell script from here.
Unzip the zip file and copy the PowerShell script (closeports.ps1) to the folder where the FCDocConverter.jar service is located. (NOTE: This can be different based on where you have installed FileCloud.)
c:\xampp
- Open a PowerShell prompt and run it as an Administrator.
In the PowerShell prompt, change to the location where the script was saved.
For example: cd c:\xampp
Run the script as follows:
.\closeports.ps1
If you get a script security warning, just enable running the script only for this current session using the following command.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process
- You will see a report in the PowerShell window on the status of the fix.
Fix Bindings on Linux
Affected Services:
- Document Converter
- Content Search Server
You MUST run the script as a root user.
To run the script:
- Download the script from here.
- Run the script as follows:
wget http://patch.codelathe.com/tonidocloud/live/installer/closeports.sh && bash closeports.sh
Manually Verify Bindings
You can use the following steps to ensure you are running a secure configuration that addresses this binding issue.
Document Converter
To verify Document Converter Service settings on Windows:
Run the following command:
netstat -ano | findstr "8080"
- Verify it is ONLY bound to 127.0.0.1
To verify Document Converter Service settings on Linux and CentOS:
Run the following command (the -n flag keeps addresses and ports numeric so that the search for 8080 matches):
netstat -atnp | grep "8080"
- Verify it is ONLY bound to 127.0.0.1
Content Search Service
To verify Content Search Service on Windows:
Run the following command:
netstat -ano | findstr "8983"
Verify that it is bound only to the 127.0.0.1 address.
To verify Content Search Service on Linux and CentOS:
Run the following command (the -n flag keeps addresses and ports numeric):
netstat -atnp | grep "8983"
Verify that it is bound only to the 127.0.0.1 address.
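The manual check above can also be automated on Linux. The following is an added example, not CodeLathe's closeports script: the function name check_bindings is hypothetical, and the sample netstat lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify listeners on the advisory's two service ports
# (8080 Document Converter, 8983 Content Search) from `netstat -tln` output.

# check_bindings PORT... : reads netstat -tln style lines on stdin, prints
# one verdict per listener, returns 1 if any is not bound to 127.0.0.1.
check_bindings() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Port is the text after the last colon (IPv6 addresses contain colons).
            port = $4; sub(/^.*:/, "", port)
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next
            seen[port] = 1
            # ::ffff:127.0.0.1 is the IPv4-mapped form of 127.0.0.1, as shown
            # for dual-stack (tcp6) sockets.
            if (addr == "127.0.0.1" || addr == "::ffff:127.0.0.1") {
                printf "OK      port %s bound to %s\n", port, addr
            } else {
                printf "EXPOSED port %s bound to %s\n", port, addr
                bad = 1
            }
        }
        END {
            for (q in want) if (!(q in seen)) printf "NOTE    port %s has no listener\n", q
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: services listening on all interfaces (before the fix).
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::8983                 :::*                    LISTEN'

# Constructed sample: services bound to loopback only (after the fix).
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp6       0      0 ::ffff:127.0.0.1:8983   :::*                    LISTEN'

printf '%s\n' "$SAMPLE_BEFORE" | check_bindings 8080 8983 ||
    echo "=> at least one service is reachable from the network"
printf '%s\n' "$SAMPLE_AFTER" | check_bindings 8080 8983 &&
    echo "=> both services are bound to 127.0.0.1 only"
```

On a live server, run `netstat -tln | check_bindings 8080 8983` and treat any EXPOSED line as a binding that still needs to be fixed.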