
Rename the manager application – host-manager/manager.xml

Details

The manager application allows administrators to manage Tomcat remotely via a web interface. The manager application should be renamed to make it harder for attackers or automated scripts to locate.

Rationale:

Once the manager application is relocated, an attacker must guess its location rather than simply navigate to the standard location in order to carry out an attack.

Solution

Perform the following to rename the manager application:

Rename the manager application XML file:

# mv $CATALINA_HOME/webapps/host-manager/manager.xml $CATALINA_HOME/webapps/host-manager/.xml

Update the docBase attribute within $CATALINA_HOME/webapps/host-manager/.xml to $CATALINA_HOME/webapps/

Move $CATALINA_HOME/webapps/manager to $CATALINA_HOME/webapps/

# mv $CATALINA_HOME/webapps/manager $CATALINA_HOME/webapps/
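
The three steps above as one guarded shell function, together with an audit check that both default artifacts are gone. This is an added example, not part of the CIS benchmark text: the function names are hypothetical, the new name is chosen by the operator, and the sed expression assumes the existing docBase value ends in /manager.

```shell
#!/bin/sh
# Added example, not CIS or Tomcat code. Function names are hypothetical.

# rename_manager CATALINA_HOME NEW_NAME : applies the three steps above.
rename_manager() {
    webapps="$1/webapps"
    new_name=$2
    ctx_old="$webapps/host-manager/manager.xml"
    ctx_new="$webapps/host-manager/$new_name.xml"

    # Allow only a plain directory name: no path separators, no characters
    # that are special to sed, and not the default name itself.
    case $new_name in
        ''|manager|*[!A-Za-z0-9_-]*)
            echo "invalid name: $new_name" >&2; return 2 ;;
    esac
    # Act only on the default layout, and never overwrite an existing target.
    if [ ! -f "$ctx_old" ] || [ ! -d "$webapps/manager" ]; then
        echo "default manager layout not found" >&2; return 3
    fi
    if [ -e "$ctx_new" ] || [ -e "$webapps/$new_name" ]; then
        echo "target already exists" >&2; return 4
    fi

    # Step 1: rename the context XML file.
    mv "$ctx_old" "$ctx_new" || return 1
    # Step 2: rewrite the last path component of docBase. Writing back with
    # cat keeps the file's owner and mode.
    sed "s|\(docBase=\"[^\"]*\)/manager\"|\1/$new_name\"|" "$ctx_new" \
        > "$ctx_new.tmp" && cat "$ctx_new.tmp" > "$ctx_new" || return 1
    rm -f "$ctx_new.tmp"
    # Step 3: move the application directory.
    mv "$webapps/manager" "$webapps/$new_name" || return 1
}

# check_manager_renamed CATALINA_HOME : audit, succeeds when neither default
# artifact remains.
check_manager_renamed() {
    [ ! -e "$1/webapps/manager" ] &&
        [ ! -e "$1/webapps/host-manager/manager.xml" ]
}
```

The second function can be run on its own as a recurring compliance check, since it exits non-zero while either default path still exists.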

Default Value:

The default name of the manager application is manager and is located at:

$CATALINA_HOME/webapps/manager

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

References

Source

Updated on July 16, 2022