3.1 Set a nondeterministic Shutdown command value

Information

Tomcat listens on TCP port 8005 (the port attribute of the Server element in server.xml) for shutdown requests. A client that connects to this port and sends the string configured in the shutdown attribute causes Tomcat to stop every deployed application and exit. By default the listener is bound to the loopback interface (the address attribute defaults to localhost), so it is not reachable from the network, but any process running on the host can connect to it. If the command string is left at the well-known default, any local user can stop the server. It is recommended that a nondeterministic value be set for the shutdown attribute in $CATALINA_HOME/conf/server.xml.

Rationale:

Setting the shutdown attribute to a nondeterministic value prevents local users who do not know the command string from shutting down Tomcat by sending the default SHUTDOWN command to port 8005. The value is only as secret as server.xml itself, so read access to that file must remain restricted to the Tomcat runtime user and administrators.

Solution

Perform the following to set a nondeterministic value for the shutdown attribute.
Update the shutdown attribute of the Server element in $CATALINA_HOME/conf/server.xml as follows:

<Server port='8005' shutdown='NONDETERMINISTICVALUE'>

Note: NONDETERMINISTICVALUE should be replaced with a sequence of random characters generated by a cryptographically secure source (for example /dev/urandom), not a word or a value derived from the host name. The Tomcat configuration reference cited below also allows the listener to be disabled entirely by setting port="-1" where no shutdown-port access is needed; in that case Tomcat must be stopped by other means (for example by signalling the process).

Default Value:

The default value for the shutdown attribute is SHUTDOWN.
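The following is an added example, not part of the original benchmark text or of Tomcat itself. It shows a POSIX shell audit for this item (fail when the shutdown attribute is missing or still SHUTDOWN) together with a remediation that replaces the value with 32 random alphanumeric characters drawn from /dev/urandom. It assumes the Server element, its port attribute and its shutdown attribute sit on a single line of server.xml, as they do in the stock configuration; the sample server.xml content embedded below is constructed for the example.

```shell
#!/bin/sh
# Constructed sample server.xml fragment (not a real deployment file), used only for demonstration.
SAMPLE_SERVER_XML='<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>'

# Print the value of the shutdown attribute on the <Server ...> line (empty if absent).
# Assumption: the attribute is on the same line as the opening <Server tag.
tomcat_shutdown_value() {
  sed -n "s/.*<Server[^>]*shutdown=[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# Audit for this item: return 0 (pass) only when the attribute exists and is not the default.
tomcat_shutdown_audit() {
  val=$(tomcat_shutdown_value "$1")
  [ -n "$val" ] && [ "$val" != "SHUTDOWN" ]
}

# Random alphanumeric string of the requested length from the kernel CSPRNG.
# LC_ALL=C keeps tr byte-oriented so multibyte locales cannot corrupt the filter.
tomcat_random_value() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Remediation: rewrite only the shutdown attribute of the <Server> element,
# keeping a .bak copy and writing through a temp file so a failed sed leaves the original intact.
tomcat_shutdown_remediate() {
  file=$1
  newval=$(tomcat_random_value 32)
  cp "$file" "$file.bak"
  sed "s/\(<Server[^>]*shutdown=[\"']\)[^\"']*\([\"']\)/\1${newval}\2/" "$file" > "$file.tmp" \
    && mv "$file.tmp" "$file"
}

# Demo run against the constructed sample: audit, remediate, audit again.
tomcat_shutdown_demo() {
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_SERVER_XML" > "$tmp"
  printf 'before: shutdown="%s" -> ' "$(tomcat_shutdown_value "$tmp")"
  if tomcat_shutdown_audit "$tmp"; then echo PASS; else echo FAIL; fi
  tomcat_shutdown_remediate "$tmp"
  printf 'after:  shutdown="%s" -> ' "$(tomcat_shutdown_value "$tmp")"
  if tomcat_shutdown_audit "$tmp"; then echo PASS; else echo FAIL; fi
  rm -f "$tmp" "$tmp.bak"
}

# Usage: sh this_script.sh --demo            (run against the embedded sample)
#        sh this_script.sh /path/server.xml  (audit a real file; prints PASS or FAIL)
case "${1:-}" in
  --demo) tomcat_shutdown_demo ;;
  "") ;;
  *) if tomcat_shutdown_audit "$1"; then echo "PASS: $1"; else echo "FAIL: $1"; fi ;;
esac
```

After remediation no script changes are needed for the normal stop path: catalina.sh stop reads the port and command string back from server.xml. The backup copy written by the remediation contains the old value and should be removed once the change is verified.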

References:

https://tomcat.apache.org/tomcat-8.0-doc/config/server.html

https://tomcat.apache.org/tomcat-8.5-doc/config/server.html

See Also

https://workbench.cisecurity.org/files/2506

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CSCv7|4.7

Plugin: Unix

Control ID: 9901ce52900ef6ab01008cc5829ed61ec47f982d85191336860cfbcf5398fb9b