← Back to ISEC7 Sphere Security Technical Implementation Guide

V-224791

CAT II (Medium)

A manager role must be assigned to the Apache Tomcat Web apps (Manager, Host-Manager).

Rule ID

SV-224791r1013882_rule

STIG

ISEC7 Sphere Security Technical Implementation Guide

Version

V3R1

CCIs

CCI-000171

Discussion

If a manager role is not assigned to the Apache Tomcat web apps, the system administrator will not be able to manage and configure the web apps and security setting may not be configured correctly, with could leave the Apache Tomcat susceptible to attack by an intruder.

Check Content

Verify a manager role has been assigned to the Apache Tomcat Web apps (Manager, Host-Manager).

Log in to the ISEC7 SPHERE server.
Navigate to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\conf\.
Confirm a user with the manager role to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\conf\tomcat-users.xml exists.

example: <user username="admin" roles="manager-gui,manager-script" ..../>

If  a manager role has not been assigned to the Apache Tomcat Web apps, this is a finding.

Fix Text

To add a manager role to the Apache Tomcat Web apps (Manager, Host-Manager), run the ISEC7 integrated installer or use the following manual procedure:

By default there are no users with the manager role assigned. To make use of the manager webapp, add a new role and user into the <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\conf\tomcat-users.xml file.

Log in to the ISEC7 SPHERE server.
Navigate to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\conf\.
Add a user with the manager role to <Drive>:\Program Files\ISEC7 SPHERE\Tomcat\conf\tomcat-users.xml.

example: <user username="admin" roles="manager-gui,manager-script" ..../>

Save the file.