Details
The manager application allows administrators to manage Tomcat remotely via a web interface. The manager application should be renamed to make it harder for attackers or automated scripts to locate.
Solution
Perform the following to rename the manager application:
1. Rename the manager application XML file:
# mv $CATALINA_HOME/webapps/host-manager/manager.xml
$CATALINA_HOME/webapps/host-manager/new-name.xml
2. Update the docBase attribute within $CATALINA_HOME/webapps/host-manager/newname.xml to ${catalina.home}/webapps/new-name
3. Move $CATALINA_HOME/webapps/manager to $CATALINA_HOME/webapps/newname
# mv $CATALINA_HOME/webapps/manager $CATALINA_HOME/webapps/new-name
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.