The ISEC7 SPHERE must remove any unnecessary users or groups that have permissions to the server.xml file in Apache Tomcat.
An XCCDF Rule
Description
Tomcat uses a port (defaults to 8005) as a shutdown port. Someone could Telnet to the machine using this port and send the default command SHUTDOWN. Tomcat and all web apps would shut down in that case, which is a denial-of-service attack and would cause an unwanted service interruption.
- ID
- SV-224790r1013879_rule
- Version
- ISEC-06-551310
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Log in to the ISEC7 SPHERE server.
Browse to ProgramFiles\Isec7 SPHERE\Tomcat\Conf and select Server.xml.
Right-click and select "Properties".
Select the security tab and remove unnecessary accounts or groups that have been granted permissions to the Server.xml file.