Production Server Overview

What This Section Covers

Best practices and recommendations on securing a production TDS/Tomcat server:

You should know how to do a basic installation of Tomcat, Java, and the TDS, and be familiar with the Tomcat directory structure, Tomcat server configuration, and the Tomcat manager application.

Why Is Security Important?

Be afraid

Keeping Software Versions Up-To-Date

Rationale

Resources

Tomcat Process User/Group and ${tomcat_home} Permissions

Rationale

Background info

The JVM doesn't fork at all, nor does it support setuid() calls. The JVM, and therefore Tomcat, is one process. The JVM is a virtual machine with many threads under the same process.

Resources

Removing Unused Web Applications

Rationale

Using Digested Passwords

Rationale

Tomcat Realms

A realm element represents a "database" of usernames, passwords, and roles (similar to Unix groups) assigned to those users.

Configure Tomcat to use digested passwords

Enabling Encryption

How encryption works

For more information on how encryption works, Wikipedia details the steps involved during a TLS or SSL transaction.

Rationale

CA-signed Certificates

A self-signed certificate says to your users "Trust me - I am who I say I am."

A certificate signed by a CA says, "Trust me - the CA agrees I am who I say I am."

Certificates

Certificate keystore file

Enabling SSL encryption in Tomcat

Configuring web applications for SSL

Looking Ahead

Other than the compelling security reasons, you will want to enable SSL to take advantage of a couple of monitoring and debugging tools: the TDS Remote Management Tool, and the TdsMonitor Tool -- both of which (out-of-the-box) require a secure connection to access.

Resources

Securing the Tomcat manager Application

Changes to the manager application

The manager application URLs and roles have been restructured. See the Tomcat Migration guide for more information.

Rationale

Enabling SSL for the Tomcat manager application

Resources

Blocking Non-Essential Port Access At The Firewall

Rationale

For running the TDS, keep in mind the following:

Resources

Restricting Access To The TDS By Remote IP Address Or Host

Rationale

Tomcat Valves

A valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container.

Examples

  1. Using the RemoteAddrValve to restrict access based on IP addresses.

    <!-- This example denies access based on IP addresses (one regular expression; alternatives are separated by |) -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           deny="128\.117\.47\.201|128\.107\.157\.210|96\.33\.56\.215" />

  2. Using the RemoteHostValve to restrict access based on resolved host names.

    <!-- This example denies access based on host names -->
    <Valve className="org.apache.catalina.valves.RemoteHostValve"
           deny="www\.badguys\.com|www\.bandwidthhog\.net" />

  3. Using wildcard characters.

    <!-- Wildcard characters can be used with both valves -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           deny="128\.117\.47\..*" />

  4. Using the RemoteAddrValve to limit access to a specific range of IP addresses.

    <!-- This example only allows the specified IPs to access -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="128\.117\.140\..*" />

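A small Python model of how the valve evaluates these patterns, added here as an example (it is not Tomcat's or the TDS project's code). It assumes Tomcat 7 or later, where each of allow and deny is a single java.util.regex pattern that must match the whole address, so a comma-separated list is read as one pattern and blocks nothing; the function names and the client addresses are constructed for illustration.

```python
import re

# Patterns from the examples above; the sample client addresses are constructed.
DENY_ALTERNATION = r"128\.117\.47\.201|128\.107\.157\.210|96\.33\.56\.215"
DENY_COMMA_LIST = r"128\.117\.47\.201,128\.107\.157\.210,96\.33\.56\.215"
DENY_WILDCARD = r"128\.117\.47\..*"
ALLOW_RANGE = r"128\.117\.140\..*"


def is_allowed(remote, allow=None, deny=None):
    """Model of the valve decision for one remote address or host name."""
    if allow is None and deny is None:
        raise ValueError("model assumes at least one of allow/deny is set")
    # The pattern must match the whole value, not a substring of it.
    if deny is not None and re.fullmatch(deny, remote):
        return False
    if allow is not None and re.fullmatch(allow, remote):
        return True
    # Deny-only valve: anything not denied passes.
    # Valve with an allow pattern: anything not matched is rejected.
    return allow is None


def audit(clients, allow=None, deny=None):
    """Return {address: 'pass' | 'block'} for a list of client addresses."""
    return {c: "pass" if is_allowed(c, allow, deny) else "block" for c in clients}


if __name__ == "__main__":
    clients = ["128.107.157.210", "128.117.47.9", "128.117.140.23", "10.0.0.5"]
    for label, kwargs in [
        ("deny, | alternation", {"deny": DENY_ALTERNATION}),
        ("deny, comma list read as one regex", {"deny": DENY_COMMA_LIST}),
        ("deny, wildcard", {"deny": DENY_WILDCARD}),
        ("allow, range", {"allow": ALLOW_RANGE}),
    ]:
        print(label, audit(clients, **kwargs))
```
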
Resources

Reverse Proxy

Rationale

Resources

Running Tomcat with a Security Manager

Rationale

Resources

Protecting the Tomcat SHUTDOWN Port

SHUTDOWN on port 8005