On 2/11/2016 2:20 PM, Edward Hart (c) wrote:
> Q1: Can Tomcat be configured to 'roll back' if a patch update causes a TC
> failure on a production server?
> Q2: Can TC be configured to fail to a known safe state in the event of server
> failure during operation?
>
> I am developing a Security Technical Implementation Guide (STIG) for Tomcat. A STIG
> is essentially a detailed checklist for hardening a given technology. DoD uses
> them to provide cyber defense.
>
> Finding configurable ways to satisfy the below 2 requirements is proving
> difficult.
>
> Req 1 : The web server must augment re-creation to a stable and known baseline.
> Req 2 : The web server must be built to fail to a known safe state if system
> initialization fails, shutdown fails, or aborts fail.
>
> Req 1 is intended to provide a means to roll back to a last known stable
> environment in case a patch fails. Req 2 is intended to provide fail safe
> environments in case something (perhaps an attacker) causes system failure.
#1 is probably doable with some kind of version control.

#2 seems to be most easily answered by staying shut down as its
known stable state.
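Added example, not from the thread or from the Tomcat project: a small POSIX shell workflow covering both requirements for a Tomcat conf/ directory. It records a baseline copy plus a SHA-256 manifest, verifies the live configuration against it, rolls back to the baseline, and gates start-up so that a drifted configuration leaves Tomcat stopped, the "stay shut down" safe state suggested above. The directory layout, the function names and the sample files in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from Tomcat itself. Protects a Tomcat
# conf/ directory (assumed path: $CATALINA_HOME/conf) with a baseline stored
# outside the Tomcat tree. Needs sha256sum (coreutils) or shasum.
set -eu

# SHA-256 of one file as "hash  path"; falls back to shasum if sha256sum is absent.
hash_file() { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; }

# Hash every regular file under $1; sorted so identical trees give identical output.
manifest() {
  ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
      hash_file "$f"
    done )
}

# Req 1 (baseline): keep a copy of the tree plus a manifest of its hashes.
baseline_snapshot() {  # baseline_snapshot <conf_dir> <baseline_dir>
  rm -rf "$2" && mkdir -p "$2/tree"
  cp -R "$1"/. "$2/tree/"
  manifest "$1" > "$2/MANIFEST.sha256"
}

# Returns 0 when <conf_dir> matches the recorded baseline exactly; modified,
# added or removed files all return 1.
baseline_verify() {  # baseline_verify <conf_dir> <baseline_dir>
  manifest "$1" | cmp -s - "$2/MANIFEST.sha256"
}

# Req 1 (roll back): replace the live tree with the baseline copy.
baseline_restore() {  # baseline_restore <conf_dir> <baseline_dir>
  rm -rf "$1" && mkdir -p "$1"
  cp -R "$2/tree"/. "$1/"
}

# Req 2 (fail safe): start Tomcat only when the configuration is unchanged.
# On drift the gate leaves Tomcat stopped and returns 1, so the known safe
# state is "not running". Typical use (paths assumed):
#   guarded_start "$CATALINA_HOME/conf" /var/lib/tomcat-baseline \
#       "$CATALINA_HOME/bin/startup.sh"
guarded_start() {  # guarded_start <conf_dir> <baseline_dir> <start_cmd...>
  conf=$1; base=$2; shift 2
  if baseline_verify "$conf" "$base"; then
    "$@"
  else
    echo "configuration drift in $conf; refusing to start Tomcat" >&2
    return 1
  fi
}
```

Run `baseline_snapshot` only on a configuration you have just validated, and keep the baseline directory outside anything the patch process writes to, or the patch can overwrite the baseline along with the live tree.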