We support vulnerability and compliance scans for tomcat servers. Simply create a Tomcat Server record with details about your Tomcat installation and instance. The same record may include details for both Windows and Unix installations.
Did you know? You can allow the system to create Tomcat Server authentication records for auto discovered instances and scan them. This is supported for Unix installations only.
For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article:
Authentication Technologies Matrix
- Go to Scans > Authentication.
- Check that you already have a record defined for each host running a tomcat server. For Windows hosts, a Windows record is required. For Unix hosts, a Unix record is required.
- Create a Tomcat Server record for the same host (IP). Go to New > Applications > Tomcat Server.
- Before launching a vulnerability scan, pick Windows, Unix and Tomcat Server authentication in your option profile. (All authentication options are used automatically for compliance scans.)
Note: If the Network Support feature is enabled, then the Windows/Unix record must have the same network selected as the Tomcat Server record.
Tell me about user permissionsTell me about user permissions
Managers can add authentication records. Unit Managers must be granted the permission Create/edit authentication records/vaults.
When the installation directory and the instance directory are the same (typically the case), enter the path to the installation directory and leave the instance directory blank. When different, you'll also need to provide the path to the instance directory.
Enter the Windows service name if you plan to run compliance scans. This is required for certain controls.
You'll need to tell us where the tomcat server is installed. You may also need to tell us where the tomcat server instance(s) are installed (applies to VMware vFabric and Pivotal).
I'm using Apache TomcatI'm using Apache Tomcat
When the installation directory and the instance directory are the same (typically the case), enter the path to the installation directory and leave the instance directory blank. When different, you'll also need to provide the path to the instance directory. (The Auto Discover option does not apply to Apache Tomcat.)
I'm using VMware vFabric or PivotalI'm using VMware vFabric or Pivotal
Enter the path to the installation directory and then enter the path to the instance directory. For a single tomcat instance, do not use the Auto Discover option. For a directory with multiple instances, select the Auto Discover option so we can find all the instances.
I'm not sure which tomcat servers are installedI'm not sure which tomcat servers are installed
If the target hosts you've entered on the IPs tab have different types of tomcat servers or you're not sure which types of servers are installed, then you'll want to enter the path to the installation directory and leave the instance directory blank. Then select the Auto Discover option so we can find all the instances.