CIS Apache Tomcat 9 L2 v1.0.0 Middleware

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apache Tomcat 9 L2 v1.0.0 Middleware

Updated: 5/5/2021

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 29

Audit Items

DescriptionCategories
1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examples

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - /webapps/docs

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - /webapps/host-manager

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - /webapps/manager

CONFIGURATION MANAGEMENT

1.1 Remove extraneous files and directories - /webapps/ROOT

CONFIGURATION MANAGEMENT

1.2 Disable Unused Connectors

CONFIGURATION MANAGEMENT

2.1 Alter the Advertised server.info String

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Alter the Advertised server.number String

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Alter the Advertised server.built Date

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors

SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Ensure Sever Header is Modified To Prevent Information Disclosure

SYSTEM AND COMMUNICATIONS PROTECTION

3.2 Disable the Shutdown port

CONFIGURATION MANAGEMENT

5.1 Use secure Realms

CONFIGURATION MANAGEMENT

5.2 Use LockOut Realms

ACCESS CONTROL

6.1 Setup Client-cert Authentication

IDENTIFICATION AND AUTHENTICATION

7.1 Application specific logging

CONFIGURATION MANAGEMENT

7.3 Ensure className is set correctly in context.xml

AUDIT AND ACCOUNTABILITY

9.2 Disabling auto deployment of applications

CONFIGURATION MANAGEMENT

9.3 Disable deploy on startup of applications

CONFIGURATION MANAGEMENT

10.3 Restrict manager application
10.5 Rename the manager application - host-manager/manager.xml

CONFIGURATION MANAGEMENT

10.5 Rename the manager application - webapps/manager

CONFIGURATION MANAGEMENT

10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH

SYSTEM AND INFORMATION INTEGRITY

10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH

SYSTEM AND INFORMATION INTEGRITY

10.9 Configure connectionTimeout

ACCESS CONTROL

10.10 Configure maxHttpHeaderSize

SYSTEM AND COMMUNICATIONS PROTECTION

10.11 Force SSL for all applications

SYSTEM AND COMMUNICATIONS PROTECTION

10.15 Do not resolve hosts on logging valves

CONFIGURATION MANAGEMENT

CIS_Apache_Tomcat_9_L2_v1.0.0_Middleware.audit from CIS Apache Tomcat 9 Benchmark