Securing Tomcat 4.0.6 on OpenBSD 3.1

Hello all,

I installed Tomcat 4.0.6 from the ports tree on a new OpenBSD 3.1 box. After
downloading the jdk-linux-1.3.1_04 binary from Sun, it runs fine. The
purpose of this box is to serve as a Tomcat servlet testbed.

I need to grant access to this box to a couple of contract programmers.
Since this box is inside my firewall, I'd like to minimize the amount of
exposure, and grant only the rights necessary to program/test/debug web

On a related note, I think I will need to place a CVS repository on this
box, unless that turns out to be an extraordinarily bad idea.

I read through the docs:

I'm still reading through

This article http://ezine.daemonnews.org/200203/tomcat-jakarta.html
unfortunately didn't have anything about security.

Setting up Tomcat to not start as root?
Proper startup from /etc/rc.local? (Or, how do I set $JAVA_HOME on startup?)
Proper file permissions on /usr/local/jdk1.3.1-linux and

Thanks for any pointers, tips, or references!

