The Bonsai Framework also provides a pre-packaged portable and secured version of Tomcat. This document outlines the hardening steps taken.
The steps begin with a tar.gz version of Tomcat from the Apache website and start int the root directory of Tomcat. For example,
| Code Block | ||
|---|---|---|
| ||
tar -xvpf apache-tomcat-6.0.32
cd apache-tomcat-6.0.32 |
This document is for reference. To get up and started, go ahead and download Bonsai Framework Tomcat 6.0.32.
Remove Unnecessary Files
Delete sample applications,
| Code Block | ||
|---|---|---|
| ||
cd webapps
rm -rf docs examples |
We recommend against using the Manager application,
| Code Block |
|---|
# You should still be in the webapps directory
rm -rf host-manager manager
cd ..
|
http://www.cisecurity.org/resources-publications/
https://www.owasp.org/index.php/Securing_tomcat
...
References
http://blogs.mulesoft.org/is-your-tomcat-secure/ - looks like a good lead.