9.1 Starting Tomcat with Security Manager

Information

Configure application to run in a sandbox using the Security Manager. The Security Manager restrict what classes Tomcat can access thus protecting your server from mistakes, Trojans, and malicious code.

NOTE: This check looks at the $CATALINA_HOME/bin/startup.sh script to determine if -security is enabled when Tomcat is started. If your startup script is located in a different location, adjust this check to account for this.

Solution

The security policies implemented by the Java SecurityManager are configured in the $CATALINA_HOME/conf/catalina.policy file. Once you have configured the catalina.policy file for use with a SecurityManager, Tomcat can be started with a SecurityManager in place by using the --security option:
$ $CATALINA_HOME/bin/catalina.sh start -security

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: dc0f36da93d308af39499a58920b1d2916deff8ad518a2c921b76745fbaa54c6