Tomcat server in vCSA 5.5 - hardening?

patnerd1987 · ‎07-17-2014

Hi all,

We have been asked to specify 'what security policy will be applied to Tomcat' in the context of us deploying vCenter Server Appliance 5.5. I have the 5.5 Hardening Guide which specifies a number of changes for vCSA e.g. SSO password changes, NTP etc. but does not address Tomcat. Is it possible to drill into tomcat config and apply industry-standard hardening there? I have seen posts re memory tweaks for tomcat for vCenter etc so I guess its possible to go to the CLI and get busy in config files. So does that mean we could tweak for hardening also??
Or can we assume VMware have pre-configured it, "locked it down" and there is nothing more we can do?

Any advice appreciated,

PD

Cyberfed27 · ‎07-17-2014

Assuming you have full root access to the vCSA you can edit anything you want. Understand that these are purpose built appliances that aren't really meant to be tinkered with especially down in its core. Some consideration to tighten down the virtual appliances is done but there is always more that can be done in my experience. Tread lightly but yes you can harden the operating system and/or applications. Also understand that if you go making changes that VMware doesn't want you doing and you have issues and call for support they will probably refuse to troubleshoot.

All

Tomcat server in vCSA 5.5 - hardening?