[Windows Server 2012] Tomcat Security Hardening Method

★ Welcome to The Guardian God · V Classroom, website address: http://v.huweishen.com
★ Guardian God · V Classroom is a Web site dedicated to providing server instructional video for the Guardian God, updated weekly video.
★ This section we will lead you: Tomcat Security Configuration
• This section is connected to the previous section, "Tomcat installation Configuration", so Tomcat has been installed and configured properly.
· Tomcat is run as a system service by default, and it is very dangerous to run an account on the systems. Need to fall right and give proper reading
Write permissions.

1. Establish a system account to run Tomcat
1) Add a user, named Tomcat_hws;
2) Set user Tomcat_hws only belong to Guests Group;

2. Set permissions for the Tomcat directory
1) Locate the Tomcat installation directory (obtained in the system service, the service name defaults to TOMCAT7, the display name is Apache
Tomcat 7.0 TOMCAT7);
To the Tomcat installation directory Administrators, the SYSTEM "Full Control" permission; give Tomcat_hws "Read and
Line "permission;
2) "Logs" "temp" in the Tomcat installation directory
Give them Administrators, SYSTEM "Full Control" permission; Tomcat_hws "read/write/delete" permission
；
3) Locate the website file directory (default in the Tomcat installation directory webapps\root);
Store directory Administrators, SYSTEM "Full Control" permission for Web site files, tomcat_hws "read/write
/delete "permissions;
(If you have more than one Web site file directory, you need to add the Tomcat_hws "read/write/delete" permission;)

3. Set up Tomcat service
1) Set the Tomcat service startup account to Tomcat_hws;
2) Restart the Tomcat service;

4. Test results
1) Tomcat running account is TOMCAT_HWS, success down right;
2) Open the test page http://localhost:8080/totcheck.jsp;
3) The JSP probe is running normally.

5. Other protective measures
If your tomcat is not down, but you have to address security issues, you can use the Guardian God Tamper-proof system (PRO) to
Solve.
Through the "Process throttling" module of the Guardian God Tamper-proof System (Pro Edition),
Setting up Tomcat only has permissions on the Tomcat home directory and the site directory.
This way hackers will not be able to invade the server through Tomcat.

Now that this section is over, please visit the Guardian God website (www.huweishen.com) for more instructional videos.

Reprint please indicate the source (http://v.huweishen.com/video/49.html) Thank you!

[Windows Server 2012] Tomcat Security Hardening Method