Tomcat security baseline

  To comply with the Tomcat security baseline, some hardening is needed:

1. Administrator password encryption: "tomcat digest algorithm encryption password"

  User accounts are managed in conf/tomcat-users.xml, where the password is generally stored in clear text. If encryption is required, configure the encryption algorithm in conf/server.xml and then put the ciphertext in tomcat-users.xml. Proceed as follows:

1. Configure password encryption in server.xml. Only MD5 is used here. Note: in the default configuration the Realm element is a single self-closing line (it ends with /), so it has to be split into an opening and a closing tag.
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
        <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" />
</Realm>
2. Use the digest.sh script to generate the MD5 ciphertext. The output has the form userpassword:balabalabalabala
digest.sh -a md5 userpassword
3. Replace the original plaintext password in conf/tomcat-users.xml with the generated ciphertext.

2. Configure error pages: "Tomcat configuration error page". Add the following to web.xml:

    <!-- 400 error -->
    <error-page>
        <error-code>400</error-code>
        <location>/error.html</location>
    </error-page>
    <!-- 404 page not found error -->
    <error-page>
        <error-code>404</error-code>
        <location>/error.html</location>
    </error-page>
    <!-- 500 server internal error -->
    <error-page>
        <error-code>500</error-code>
        <location>/error.html</location>
    </error-page>
    <!-- java.lang.Exception error; several similar entries can be defined with this tag -->
    <error-page>
        <exception-type>java.lang.Exception</exception-type>
        <location>/error.html</location>
    </error-page>
    <!-- java.lang.NullPointerException error; several similar entries can be defined with this tag -->
    <error-page>
        <exception-type>java.lang.NullPointerException</exception-type>
        <location>/error.html</location>
    </error-page>

3. Modify the banner: "Tomcat modify banner, hidden version information". Change the server attribute in conf/server.xml.

Open Tomcat's conf/server.xml and find:
<Connector port="8080" protocol="HTTP/1.1"  
                    connectionTimeout="20000" 
                    redirectPort="8443"  
                    URIEncoding="UTF-8" 
                    useBodyEncodingForURI="true" />

Modified as follows:
<Connector port="8080" protocol="HTTP/1.1"  
                     connectionTimeout="20000" 
                     redirectPort="8443"  
                     URIEncoding="UTF-8" 
                     useBodyEncodingForURI="true" 
                     server="Microsoft-IIS/6.5"/>
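
A check for the three items above, as an added example that is not part of the original post: it parses server.xml, tomcat-users.xml and web.xml and reports which of the baseline settings are missing. The function names, the digest-format heuristic and the sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic (assumption): a stored digest is plain hex or salt$iterations$hex.
DIGEST = re.compile(r"^(?:[0-9a-f]+\$\d+\$)?[0-9a-f]{32,}$", re.I)

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without its XML namespace

def audit(server_xml, users_xml, web_xml):
    """Return baseline findings; an empty list means every check passed."""
    findings = []
    server = ET.fromstring(server_xml)
    # Item 1: UserDatabaseRealm needs a CredentialHandler with an algorithm.
    realms = [e for e in server.iter() if local(e) == "Realm"
              and e.get("className", "").endswith("UserDatabaseRealm")]
    if not any(local(c) == "CredentialHandler" and c.get("algorithm")
               for r in realms for c in r):
        findings.append("server.xml: UserDatabaseRealm has no CredentialHandler")
    # Item 1: passwords in tomcat-users.xml should look like digests.
    findings += [f"tomcat-users.xml: plaintext password for {u.get('username')}"
                 for u in ET.fromstring(users_xml).iter()
                 if local(u) == "user" and not DIGEST.match(u.get("password", ""))]
    # Item 2: web.xml should map 400, 404 and 500 to an error page.
    codes = {c.text.strip() for ep in ET.fromstring(web_xml).iter()
             if local(ep) == "error-page"
             for c in ep if local(c) == "error-code" and c.text}
    findings += [f"web.xml: no error-page for {code}"
                 for code in ("400", "404", "500") if code not in codes]
    # Item 3: each Connector should set the server attribute.
    findings += [f"server.xml: Connector {c.get('port')} has no server attribute"
                 for c in server.iter()
                 if local(c) == "Connector" and not c.get("server")]
    return findings

# Constructed sample files, not taken from a real installation.
REALM = '<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"'
HANDLER = '<CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5"/>'
GOOD_SERVER = f'<Server><Connector port="8080" server="Microsoft-IIS/6.5"/>{REALM}>{HANDLER}</Realm></Server>'
BAD_SERVER = f'<Server><Connector port="8080"/>{REALM}/></Server>'
USERS = '<tomcat-users xmlns="http://tomcat.apache.org/xml"><user username="admin" password="{}" roles="manager-gui"/></tomcat-users>'
GOOD_USERS = USERS.format("0123456789abcdef0123456789abcdef")  # placeholder digest
BAD_USERS = USERS.format("userpassword")
PAGE = "<error-page><error-code>{}</error-code><location>/error.html</location></error-page>"
GOOD_WEB = "<web-app>" + "".join(PAGE.format(c) for c in (400, 404, 500)) + "</web-app>"
BAD_WEB = "<web-app>" + PAGE.format(404) + "</web-app>"

if __name__ == "__main__":
    print("\n".join(audit(BAD_SERVER, BAD_USERS, BAD_WEB)))
```

To run it against a real installation, read the three files from the Tomcat conf directory and pass their contents to audit().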

Origin www.cnblogs.com/badwood316/p/11914912.html