Grant Killian grant-killian
grant-killian
/ Rackspace.SecurityHardening.Step5.IncreaseLoginSecurity.config
Created
August 4, 2016 21:48
To "Increase login security" we use the following patch .config for Sitecore.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/"> | |
| <sitecore> | |
| <settings> | |
| <setting name="Login.DisableAutoComplete"> | |
| <patch:attribute name="value">true</patch:attribute> | |
| </setting> | |
| <setting name="Login.DisableRememberMe"> | |
| <patch:attribute name="value">true</patch:attribute> | |
| </setting> | |
| <setting name="Login.RememberLastLoggedInUserName"> |
grant-killian
/ Rackspace.SecurityHardening.Step7.ProtectPhantomJS.config
Created
August 4, 2016 21:57
Altering the Sitecore pipeline to remove the PhantomJS element
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/"> | |
| <sitecore> | |
| <pipelines> | |
| <getScreenShotForURL> | |
| <patch:delete /> | |
| </getScreenShotForURL> | |
| </pipelines> | |
| </sitecore> | |
| </configuration> |
grant-killian
/ Rackspace.SecurityHardening.Step8.ProtectMediaRequests.config
Last active
August 5, 2016 15:26
Set Media.RequestProtection.SharedSecret in the App_Config/Include/Sitecore.Media.RequestProtection.config file. This ensures a unique key to your implementation, instead of using the common OOTB key provided by the Sitecore installation. Be sure to use the *same* key for all the Sitecore servers in the solution!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/"> | |
| <sitecore> | |
| <settings> | |
| <setting name="Media.RequestProtection.SharedSecret"> | |
| <patch:attribute name="value">your-implementation-custom-guid-here</patch:attribute> | |
| </setting> | |
| </settings> | |
| </sitecore> | |
| </configuration> |
grant-killian
/ Rackspace9stepSitecoreSecurityHardening.ps1
Last active
August 7, 2018 10:16
See https://developer.rackspace.com/blog/Updated-Security-Hardening-For-Sitecore-8.2 (or https://developer.rackspace.com/blog/Security-Hardening-for-Sitecore-Environments) for full context
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author(s): Bruce Lee, Grant Killian, Kelly Rusk, Jimmy Rudley | |
| Created Date: August 4, 2016 | |
| Modified Date: May 3, 2017 | |
| This is the Rackspace Managed Services for Sitecore (https://www.rackspace.com/digital/sitecore) script for security hardening a Sitecore environment | |
| If the Execution Policy does not allow execution, you may need to run the following interactively to allow a scoped session bypass. | |
| This is secure as it requires interaction on server and cannot be executed from a script: |
grant-killian
/ gist:c734e7287f7c27182182ed9d17d29730
Last active
November 11, 2016 17:00
Sitecore perf counter installation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $zipFileURI = "https://your.cdn.with.the.Sitecore.zip.resources/sitecorecounters%207.5.zip" | |
| $stageFolder = "C:\staging" | |
| if( !(test-path $stageFolder) ) | |
| { | |
| mkdir $stageFolder | |
| } | |
| $downLoadZipPath = $stageFolder + "/SitecoreCounters.zip" | |
| Invoke-WebRequest -Uri $zipFileURI -OutFile $downLoadZipPath |
grant-killian
/ ResetSitecorePassword.aspx
Last active
May 5, 2017 21:19
Example of how we would reset the sitecore\admin password after changing the Membership hash algorithm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" AutoEventWireup="true" %> | |
| <script runat="server"> | |
| protected void Page_Load(object sender, EventArgs e) | |
| { | |
| MembershipUser user = Membership.GetUser(@"sitecore\admin", false); | |
| /* |
grant-killian
/ SecureSitecoreConnectionStrings.ps1
Last active
August 29, 2017 15:54
Secure Sitecore ConnectionStrings using aspnet_regiis (see https://grantkillian.wordpress.com/2017/08/29/encrypting-sitecore-connection-strings-for-sitecore-commerce-azure-sql-and-beyond/ for more context)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Note: | |
| - The encyption is specific to each server, so this needs to be run separately on every IIS server | |
| - ASPNet_RegIIS requires a web.config file to operate, so we have to massage our Sitecore .config into a web.config format it will understand | |
| Steps: | |
| 1) Copy current Connectionstrings.config to a file named "web.config" | |
| 2) insert <configuration> node surrounding the <connectionStrings> XML | |
| 3) run this new web.config file through aspNet_RegIIS... |
grant-killian
/ ConfigureSitecoreCommerceJSON.ps1
Last active
September 7, 2017 01:22
This shows a general approach to easing the human-error potential in step 3 and 4 covered at http://commercesdn.sitecore.net/SitecoreCommerce/DeploymentGuide/en-us/index.html#Concepts/c_M_ChangesToDefaultSettings.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author: Grant Killian | |
| Created Date: Sept 1, 2017 | |
| Ease the human-error potential in step 3 and 4 covered at http://commercesdn.sitecore.net/SitecoreCommerce/DeploymentGuide/en-us/index.html#Concepts/c_M_ChangesToDefaultSettings.html | |
| For repetitive installs, it's a pattern that can be used to update a site name etc, too. Here I focus on the SQL Server and Sitecore credentials but other settings could be updated too (just be certain you have the right pattern to match/replace). | |
| #> | |
| $dbServer ="your db server" #for Azure SQL, something like "qa2-proj-sql.database.windows.net,1433" is what you'd use | |
| $dbuser ="SQLuser" | |
| $dbpwd = "secret" |
grant-killian
/ ArtifactTableRetentionPatch.config
Last active
December 10, 2018 21:34
For tuning data retention rules (beware of the alpha order in which .config files are processed)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" ?> | |
| <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform"> | |
| <sitecore> | |
| <scheduling> | |
| <agent type="Sitecore.Tasks.CleanupEventQueue, Sitecore.Kernel"> | |
| <patch:delete /> | |
| </agent> | |
| <agent type="Sitecore.Tasks.CleanupEventQueue, Sitecore.Kernel" method="Run" interval="01:00:00"> | |
| <IntervalToKeep>06:00:00</IntervalToKeep> | |
| </agent> |
grant-killian
/ ReferenceSample.sc.publishing.xml
Last active
December 17, 2018 02:00
I discuss this at https://grantkillian.wordpress.com/2018/12/17/how-i-add-custom-sitecore-publishing-service-targets/. Essentially, there are 3 main locations to update the sc.publishing.xml file to support additional publishing targets. This sample illustrates the 3 (under Publishing/ConnectionStrings, under Services/DefaultConnectionFactory/Op…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <Settings> | |
| <Sitecore> | |
| <Publishing> | |
| <InstanceName>${SITECORE_InstanceName}</InstanceName> | |
| <ConnectionStrings> | |
| <Service>${Sitecore:Publishing:ConnectionStrings:Master}</Service> | |
| <!-- Add any additional publishing targets you may use (first location for changes to this file) --> |
OlderNewer