Disabling auto deployment of applications

Details

Tomcat allows auto deployment of applications while Tomcat is running. It is recommended that this capability be disabled.

Rationale:

This could allow malicious or untested applications to be deployed and should be disabled.

Solution

In the $CATALINA_HOME/conf/server.xml file, change autoDeploy to false.

autoDeploy=’false’

Default Value:

autoDeploy is set to true.

References:

https://tomcat.apache.org/tomcat-8.0-doc/deployer-howto.html#Deploying_on_a_running_Tomcat_server

https://tomcat.apache.org/tomcat-8.0-doc/config/host.html

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/2506

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6
CSCv7|5.1

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles