10.5 Rename the manager application (host-manager/manager.xml)

Information

The manager application allows administrators to manage Tomcat remotely via a web interface. The manager application should be renamed to make it harder for attackers or automated scripts to locate.

Solution

Perform the following to rename the manager application:
1. Rename the manager application XML file:
# mv $CATALINA_HOME/webapps/host-manager/manager.xml
$CATALINA_HOME/webapps/host-manager/new-name.xml
2. Update the docBase attribute within $CATALINA_HOME/webapps/host-manager/newname.xml to ${catalina.home}/webapps/new-name
3. Move $CATALINA_HOME/webapps/manager to $CATALINA_HOME/webapps/newname
# mv $CATALINA_HOME/webapps/manager $CATALINA_HOME/webapps/new-name

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: a3a8b7c142f6e92903575e87ff5cdd26cd3af9b4526247e66d678d326f3b8e6d