Tomcat配置不当导致文件泄露

Tomcat配置不当导致文件泄露

说明:Tomcat由于配置不当会导致tomcat/conf log webapps work temp bin lib等信息暴露在游览器中 例如:

1http://192.168.89.38:8080/conf/catalina.policy
2http://192.168.89.38:8080/conf/catalina.properties
3http://192.168.89.38:8080/conf/context.xml
4http://192.168.89.38:8080/conf/logging.properties
5http://192.168.89.38:8080/conf/server.xml
6http://192.168.89.38:8080/conf/tomcat-users.xml
7http://192.168.89.38:8080/conf/web.xml

修复方法:

1将 /export/servers/tomcat 下的 server.xml
2
3<Host name="localhost" appBase=""  改成  
4<Host name="localhost" appBase="webapps"
5
6appBase千万不能为空

修改完后重启生效


用fail2ban简简单单封掉ssh端口的试探
Nodejs禁止后台偷偷升级
comments powered by Disqus