How to secure Tomcat in Red Hat JBoss Web Server and RHEL

Solution Verified - Updated -

Issue

  • We would like to disable the EAP and EWS admin consoles in production for security purposes and to ensure developers deploy via the command line. We'll simply use the JON server we have for JMX monitoring purposes. What directories can we safely remove to accomplish that without impacting normal app server operations on EAP and EWS?

  • On EWS, can we remove everything under webapps, including manager and host-manager, or does Tomcat need manager or host-manager for operations?

  • By default, the shutdown port will honour the shutdown request from all the connections made locally. Can we customize it so that it can listen only to a particular IP address?

Environment

  • Red Hat JBoss Web Server
  • Red Hat Enterprise Linux
  • Apache Tomcat
