...
```bash
# You should still be in the webapps directory
rm -rf host-manager manager
```

Info: Per p9 of Center for Internet Security, Security Configuration Benchmark for Apache Tomcat 5.5/6.0 Version 1.0.0.

Remove Unnecessary Ports
By default, Tomcat listens on the following ports:
...
```xml
<!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8643" /> -->
```

Info: Per p11 of Center for Internet Security, Security Configuration Benchmark for Apache Tomcat 5.5/6.0 Version 1.0.0.

Clear Text Passwords
When configuring resources such as JDBC, Tomcat only supports clear-text usernames and passwords in server.xml. By default, if Tomcat is untarred per the BonsaiFramework instructions, server.xml is readable only by serveradmin.
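
An added example (not from the original page or from BonsaiFramework): a shell audit that checks the hardening steps on this page, namely that the manager and host-manager webapps are removed, the port 8080 connector is commented out, and server.xml is accessible only to its owner. The `<home>/webapps` and `<home>/conf/server.xml` layout, the function names, and the owner parameter (defaulting to serveradmin) are assumptions.

```shell
#!/bin/sh
# Added example, not BonsaiFramework code. Assumes the layout
# <home>/webapps and <home>/conf/server.xml.

active_xml() {  # print an XML file with <!-- ... --> comments stripped
  awk '{ line = $0; out = ""
    while (line != "") {
      if (inc) { i = index(line, "-->"); if (!i) break
                 line = substr(line, i + 3); inc = 0 }
      else { i = index(line, "<!--"); if (!i) { out = out line; break }
             out = out substr(line, 1, i - 1); line = substr(line, i + 4); inc = 1 }
    }
    print out }' "$1"
}

audit_tomcat() {  # usage: audit_tomcat <home> [owner]; returns 1 on any finding
  home=$1; owner=${2:-serveradmin}; conf=$home/conf/server.xml; fail=0
  for app in manager host-manager; do
    if [ -e "$home/webapps/$app" ]; then
      echo "FAIL: webapps/$app is still deployed"; fail=1
    fi
  done
  # Only single-line <Connector .../> elements are recognised here.
  if active_xml "$conf" | grep -q '<Connector[^>]*port="8080"'; then
    echo "FAIL: connector on port 8080 is not commented out"; fail=1
  fi
  # In the ls -ld mode string, characters 5-10 are the group and other bits.
  if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
    echo "FAIL: server.xml is accessible to group or other"; fail=1
  fi
  if [ "$(ls -ld "$conf" | awk '{print $3}')" != "$owner" ]; then
    echo "FAIL: server.xml is not owned by $owner"; fail=1
  fi
  return $fail
}

make_fixture() {  # constructed sample: manager deployed, 8080 active, mode 644
  d=$(mktemp -d); mkdir -p "$d/conf" "$d/webapps/manager"
  printf '%s\n' '<Server>' '<Connector port="8080" protocol="HTTP/1.1" />' \
    '</Server>' > "$d/conf/server.xml"
  chmod 644 "$d/conf/server.xml"; echo "$d"
}

if [ $# -gt 0 ]; then audit_tomcat "$@"; fi
```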
...