Limiting Access to the Log Directory

IguanaX is often used to transmit messages containing sensitive protected health information (PHI). This information is temporarily stored in Iguana’s logs, in a specified Log Directory on disk.

All access to the logs should be through the IguanaX Logs interface.

The Log Directory should ideally only be accessible to the Iguana Windows Service User or Linux Daemon User. It is recommended to modify the operating system permissions on the specified Log Directory to ensure that the files containing log messages cannot be accessed by people who are not authorized to view them.

Note: The system user that runs your backup software will need read access to the log files.

  1. In File Explorer, locate the Log Directory. By default, this is located in the working directory:

C:\ProgramData\IguanaX\logt
  1. Right-click the logs directory to select Properties.

  2. In the Properties window, select the Security tab, to display the security options for the logs directory, click Edit.

  1. In the Permissions for logt window:

    1. Select a User for which you want to limit access (If the user is not listed in this pane, click Add to add the user to the list).

    2. In the Deny column, select the permissions that you want to allow or disallow for that user.

    3. Click Apply to apply your changes.

  1. Repeat the above three steps for all users for which you want to limit permissions. When you are finished, click OK to close the Properties window.

  1. Log into your Linux system as a user that is authorized to change permissions (such as root).

  2. Set your current directory to be the IguanaX working directory, where the log directory is located.

cd ~/.IguanaX/
  1. Run the following command to disable read, write and execute access for everyone except the owner of the Iguana log directory:

chmod 700 logt

 

Â