1. Introduction
This guide introduces the recommended recurring tasks that a user should do in order to keep the OrangeHRM application and server environment in a healthy and secure state.
2. Recommended recurring tasks
2.1 OS and middleware patch updates
2.1.1 Purpose
To keep the middleware packages and operating system up to date with the latest security patches.
2.1.2 Frequency
Monthly
2.1.3 How to do
1. Download patch update verificator
orangehrm@workspace:~ wget https://alge.orangehrm.com/downloads/onsite-patch-verificator |
2. Extract the patch update verificator
orangehrm@workspace:~ unzip onsite-patch-verificator |
3. Run the script (make sure to run the script as a root user)
orangehrm@workspace:~ cd patch-verificator orangehrm@workspace:~ bash check-updates.sh |
2.2 Database backup verification
2.2.1 Purpose
To keep the middleware packages and operating system up to date with the latest security patches.
2.2.2 Frequency
Quarterly
2.2.3 How to do
1. Copy the codebase to a new directory (NEW_CODEBASE_PATH)
2. Get the recent database backup file (BACKUP_FILE_NAME.sql)
3. Create a test database in the MySQL server
a. Log into the MySQL service
orangehrm@workspace:~ mysql -uroot -p -hlocalhost |
b. Create a database
MariaDB [(none)]>create database test_backup; |
c. Source the database
orangehrm@workspace:~ mysql -uroot -p -hlocalhost test_backup < [BACKUP_FILE_NAME].sql |
4. Change the databases.yml of the newly copied codebase
-
- Go to the [NEW_CODEBASE_PATH]/symfony/config directory and open the databases.yml using a text editor
- Replace the dbname with “test_backup”
all: doctrine: class: ohrmDoctrineDatabase param: dsn: 'mysql:host=db;port=3306;dbname=test_backup' username: root —---- —---- |
5. Go to the Symfony directory run clear the cache
orangehrm@workspace:~ cd [NEW_CODEBASE_PATH]/symfony/ orangehrm@workspace:~ php symfony cc |
6. Create an apache virtual host for the newly created codebase
- Refer to section 3 - Apache Virtual host Configuration section in the OrangeHRM Middleware Installation guidelines.
7. Reload the apache service and access the new instance from your browser.
- To reload the apache use the command below. everything should work as the original instance when you access the instance from your web browser.
# RHEL / CentOS orangehrm@workspace:~ service httpd reload # Ubuntu orangehrm@workspace:~ service apache2 reload |
8. Remove the newly created virtual host, database, and codebase.
2.3 VA scan
2.3.1 Purpose
To make sure the system environment is in a healthy and secure state.
2.3.2 Frequency
Bi-Annually
2.3.3 How to do
1. Use the VA scan tool and run the scan. The following are recommended tools to use.
Please be noted that you are free to use any VA scanning tool according to your preferences.
2. Once the scan is complete, please evaluate the report and make adjustments to the environment if needed. Contact the OrangeHRM support services team if you need any assistance.
2.4 Server audit
2.4.1 Purpose
To make sure the environment is in a healthy state.
2.4.2 Frequency
Annually
2.4.3 How to do
- Refer to section 4.4 - Security - Audit-Related Tasks in Middleware installation guidelines.
- Once the audit is completed, please review the audit reports and make sure to do adjustments to the environment if needed. Contact OrangeHRM support services if you need assistance.
2.5 Capacity planning and verification
2.5.1 Purpose
To make sure the servers have enough capacity to cater to OrangeHRM application requirements.
2.5.2 Frequency
Annually
2.5.3 How to do
- Use the configured monitoring tools and make sure that the average resource usages are below the recommended thresholds.
- Please refer to the resource monitoring guide.
- If you found any resource usage is above the recommended threshold values, then please take the necessary actions to increase the resource capacity. Contact OrangeHRM support services if you need any assistance.