1.1 Remove extraneous files and directories - @APP_Config_catalogs@/webapps/examples | CONFIGURATION MANAGEMENT |
1.1 Remove extraneous files and directories - /webapps/docs | CONFIGURATION MANAGEMENT |
1.1 Remove extraneous files and directories - /webapps/host-manager | CONFIGURATION MANAGEMENT |
1.1 Remove extraneous files and directories - /webapps/manager | CONFIGURATION MANAGEMENT |
1.1 Remove extraneous files and directories - /webapps/ROOT | CONFIGURATION MANAGEMENT |
1.2 Disable Unused Connectors | CONFIGURATION MANAGEMENT |
2.1 Alter the Advertised server.info String | CONFIGURATION MANAGEMENT |
2.2 Alter the Advertised server.number String | CONFIGURATION MANAGEMENT |
2.3 Alter the Advertised server.built Date | CONFIGURATION MANAGEMENT |
2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CONFIGURATION MANAGEMENT |
2.7 Ensure Server Header is Modified To Prevent Information Disclosure | CONFIGURATION MANAGEMENT |
3.2 Disable the Shutdown port | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.1 Use secure Realms | ACCESS CONTROL |
5.2 Use LockOut Realms | CONFIGURATION MANAGEMENT |
6.1 Setup Client-cert Authentication | IDENTIFICATION AND AUTHENTICATION |
7.1 Application specific logging | AUDIT AND ACCOUNTABILITY |
7.3 Ensure className is set correctly in context.xml | AUDIT AND ACCOUNTABILITY |
9.2 Disabling auto deployment of applications | CONFIGURATION MANAGEMENT |
9.3 Disable deploy on startup of applications | CONFIGURATION MANAGEMENT |
10.3 Restrict manager application | ACCESS CONTROL |
10.5 Rename the manager application - host-manager/manager.xml | CONFIGURATION MANAGEMENT |
10.5 Rename the manager application - webapps/manager | CONFIGURATION MANAGEMENT |
10.6 Enable strict servlet Compliance | SYSTEM AND COMMUNICATIONS PROTECTION |
10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | CONFIGURATION MANAGEMENT |
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH | CONFIGURATION MANAGEMENT |
10.9 Configure connectionTimeout | CONFIGURATION MANAGEMENT |
10.10 Configure maxHttpHeaderSize | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
10.11 Force SSL for all applications | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
10.15 Do not resolve hosts on logging valves | SYSTEM AND INFORMATION INTEGRITY |
CIS_Apache_Tomcat_9_L2_v1.2.0_Middleware.audit from CIS Apache Tomcat 9 Benchmark | |