linux-tomcat-security
Remove all from CATALINA_HOME/webapps (could also be CATALINA_HOME/server/webapps )
(ROOT, balancer, jsp-examples, servlet-examples, tomcat-docs, webdav)
(if you are removing the manager application)
Remove CATALINA_HOME/conf/Catalina/localhost/host-manager.xml
and CATALINA_HOME/conf/Catalina/localhost/manager.xml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ENSURE WE DO NOT SERVE INDEX FILES WHEN NO WELCOME FILE NOT PRESENT
nano /var/lib/tomcat6/conf/web.xml
<servlet-name>default</servlet-name>
...
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value> <!-- make sure this is false -->
</init-param>
(note there are options for servlet-name "jsp" too!)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -