9.1 Starting Tomcat with Security Manager


Configure application to run in a sandbox using the Security Manager. The Security Manager restrict what classes Tomcat can access thus protecting your server from mistakes, Trojans, and malicious code.

NOTE: This check looks at the $CATALINA_HOME/bin/startup.sh script to determine if -security is enabled when Tomcat is started. If your startup script is located in a different location, adjust this check to account for this.


The security policies implemented by the Java SecurityManager are configured in the $CATALINA_HOME/conf/catalina.policy file. Once you have configured the catalina.policy file for use with a SecurityManager, Tomcat can be started with a SecurityManager in place by using the --security option:
$ $CATALINA_HOME/bin/catalina.sh start -security

See Also


Item Details


References: 800-53|CM-6b.

Plugin: Unix

Control ID: 1064d2240050812eee68e4e9da3d720f2534f1ba18a8c101a850a9bcdbb5254c