10.5 Rename the manager application (webapps/manager)

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The manager application allows administrators to manage Tomcat remotely via a web interface. The manager application should be renamed to make it harder for attackers or automated scripts to locate.

Solution

Perform the following to rename the manager application:
1. Rename the manager application XML file:
# mv $CATALINA_HOME/webapps/host-manager/manager.xml
$CATALINA_HOME/webapps/host-manager/new-name.xml
2. Update the docBase attribute within $CATALINA_HOME/webapps/host-manager/newname.xml to ${catalina.home}/webapps/new-name
3. Move $CATALINA_HOME/webapps/manager to $CATALINA_HOME/webapps/newname
# mv $CATALINA_HOME/webapps/manager $CATALINA_HOME/webapps/new-name

See Also

https://workbench.cisecurity.org/files/267

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv6|9.1

Plugin: Unix

Control ID: 2b46bc24bda975c69b836bf3db609d8d09d680a486068c70d118cd5c52e28ee7