| Content layer | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||
|
| Code Block |
|---|
drwxrwxr-x. 14 twcloud twcloud 4096 Apr 15 14:39 docs drwxrwxr-x. 6 twcloud twcloud 83 Apr 15 14:39 examples drwxrwxr-x. 5 twcloud twcloud 87 Apr 15 14:39 host-manager drwxrwxr-x. 5 twcloud twcloud 103 Apr 15 14:39 manager drwxrwxr-x. 3 twcloud twcloud 283 Apr 15 14:39 ROOT drwxr-x---. 8 twcloud twcloud 117 Apr 15 14:47 webapp -rwxrwxr-x. 1 twcloud twcloud 67742880 Oct 31 17:56 webapp.war |
As you can see, in addition to webapp.war and the webapp directory, there are additional directories, containing applications, which could potentially be exploited.
You want to remove docs, examples, host-manager, manager, and ROOT.
| Warning |
|---|
When you remove the ROOT application directory, accessing https://ip_address:8443 will no longer display the Apache Tomcat default landing page. |
Upgrading Tomcat
Our installers deploy with a given version of Apache Tomcat. As vulnerabilities are exposed in Tomcat, you may be required by your organization to upgrade to a specific version.
The "code" of tomcat is the compilation of the jar files residing in <instal_root>/WebAppPlatform/bin and <instal_root>/WebAppPlatform/lib.
In order to "slip-stream" an upgrade without having to fully replace the Tomcat installation, you can replace the existing *.jar files in these directories with the ones from the new one.
Before doing this, you will want to make copies of these directories so you can easily revert back in case of an incompatibility with the new version.
Under Linux, assuming that you have access to the internet from the server, you can download and use the script below to automatically upgrade your instance to the target version.
script
utilizes rsync, so we will install it via yum # If you are offline you need to put required installer file in the same location with this script # Edit default version if you can't input it during upgrade DEFAULT_VERSION=9.0.63 ########################################### # # DO NOT MODIFY ANYTHING BEYOND THIS POINT # ########################################### echo "" echo "----------------------------------------------------------------------------" echo "This script utilizes rsync, so we will install it via yum." echo "Please ensure rsync is on the system if thes are no posibility to use yum package manager" echo "" echo "----------------------------------------------------------------------------" read -e -p "Please enter the tomcat version you would like to use. [default is: $DEFAULT_VERSION] : " TOMCAT_VERSION echo "----------------------------------------------------------------------------" echo "" TOMCAT_VERSION="${TOMCAT_VERSION:-$DEFAULT_VERSION}" echo "Tomcat will be upgraded to: "$TOMCAT_VERSION "version." WEBAPP_ROOT=$(cat /etc/systemd/system/webapp.service | grep CATALINA_HOME_WEBAPP | cut -f 3 -d '=') WEBAPP_OWNER=$(stat -c "%U:%G" $WEBAPP_ROOT) ##################################### # Install rsync yum install rsync -y -q #################################### # Setting up script variables MAJOR_VERSION=$(echo $TOMCAT_VERSION | cut -d . -f 1) TOMCAT_DOWNLOAD=https://archive.apache.org/dist/tomcat/tomcat-$MAJOR_VERSION/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz TOMCAT_TAR=$(basename $TOMCAT_DOWNLOAD) TOMCAT_DIR=$(basename $TOMCAT_TAR .tar.gz) ##################################### # Begin deployment wget $TOMCAT_DOWNLOAD [ ! -e "${TOMCAT_TAR}" ] && echo "File does not exist ! Check the file name or internet connection and try again." && exit|| echo "File $TOMCAT_TAR exists" tar -xf $TOMCAT_TAR rsync -av $TOMCAT_DIR/bin/*.jar $WEBAPP_ROOT/bin/ rsync -av $TOMCAT_DIR/lib/*.jar $WEBAPP_ROOT/lib/ #################################### # Ensure proper ownership of files chown -R $WEBAPP_OWNER $WEBAPP_ROOT/bin $WEBAPP_ROOT/lib #################################### # Remove foder with extracted files rm -fr $TOMCAT_DIR echo "" echo "Upgrade completed successfully."to automatically upgrade your instance to the target version.
| Warning |
|---|
The script provided above may stop working if the Apache Tomcat distribution changes the methodology used in storing the tarfiles. |
Upgrading
Webapp Web Application Platform bundled JDK
Webapp Web Application Platform can run with Java 17.0.1. If you wish to use it instead of the bundled version, it is located in <install_root>/WebAppPlatform/jre.
| title | upgrade_jdk_webapp.sh |
|---|
To upgrade JDK automatically, download and use the upgrade_jdk_webapp.sh script.