Securing Tomcat 4.0.6 on OpenBSD 3.1
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Securing Tomcat 4.0.6 on OpenBSD 3.1
- From: Adam Getchell <AdamG_(_at_)_hrrm_(_dot_)_ucdavis_(_dot_)_edu>
- Date: Fri, 25 Oct 2002 16:51:22 -0700
Hello all,

I installed Tomcat 4.0.6 from the ports tree on a new OpenBSD 3.1 box. After
downloading the jdk-linux-1.3.1_04 binary from Sun, it runs fine. The
purpose of this box is to serve as a Tomcat servlet testbed.

I need to grant access to this box to a couple of contract programmers.
Since this box is inside my firewall, I'd like to minimize the amount of
exposure, and grant only the rights necessary to program/test/debug web
applications.

On a related note, I think I will need to place a CVS repository on this
box, unless that turns out to be an extraordinarily bad idea.

I read through the docs:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/index.html

I'm still reading through
http://www.jguru.com/forums/ask.jsp?op=5&topic=Tomcat

This article http://ezine.daemonnews.org/200203/tomcat-jakarta.html
unfortunately didn't have anything about security.

Questions:
- Setting up Tomcat to not start as root?
- Proper startup from /etc/rc.local? (Or, how do I set $JAVA_HOME on startup?)
- Proper file permissions on /usr/local/jdk1.3.1-linux and
  /usr/local/jakarta-tomcat-4.0.6?

Thanks for any pointers, tips, or references!

***************************
* Adam Getchell
AdamG_(_at_)_hrrm_(_dot_)_ucdavis_(_dot_)_edu
* System Architect/Programmer (530) 752-1584
* Human Resources Information Systems
http://www.hr.ucdavis.edu/
***************************
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu