-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To whom it may concern,
On 12/2/11 12:10 PM, jmpaul012 wrote: >> So I am doing Tomcat STIGS and I am stuck on two of the STIGs. >> >> 1. How do I change what tomcat logs? I think it's something I >> need to do in server.xml but I'm not sure. What have you tried so far? This is a community mailing list, not a consulting agency. We're here to help, not to do things for you. >> This is what I need to log: >> >> • Date, Time • IP address of the host that initiated the request >> • User ID supplied for HTTP authentication • HTTP Method • URL in >> the request • The protocol and protocol version used to make the >> request • Source and destination port numbers • Status codes for >> the response • Size of the response in bytes • HTTP Status and >> Referrer for the following events: That sounds a lot like an HTTP access log. Have you looked through the "logging" documentation for your version of Tomcat for how to do access logging? >> - Successful and unsuccessful attempts to access the web server >> software. Depends upon your definition of "successful", "attempt", and "access". >> - Successful and unsuccessful attempts to access the web site. Ditto. >> - Successful and unsuccessful attempts to access the web >> application. Ditto. >> 2. How do I view/change the HTTP header information of an >> intranet site that is using Tomcat? I have to make sure the HTTP >> header does not show information about the web server which would >> include, web server product, version, or host operating system Generally speaking, it's nice to post different questions in separate threads. It's not a huge deal, but it makes following a conversation easier for others. Anyhow, you are looking for changing the "Server" response header, right? That's in the documentation as well, but it might not be the easiest thing to find. See below. Since you are looking at securing Tomcat, you might want to have a look at the "Security Considerations" section of the Tomcat User Guide: http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html (Make sure you use the right version -- I chose TC 7 because you never told us what you were running). Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7ZDaoACgkQ9CaO5/Lv0PB8QACgvfmekninLwMlIuafcwsG2WZ4 HnAAni9XbJ15C0/wv0RgiJuCaZavt/wQ =GVw2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
