Mitigation & Hardening

Topics

1. Lab Setup & Configuration

2. Enumeration

3. Exploitation

4. Mitigation & Hardening

Config Files

The file tomcat-users.xml defines user roles. Locate it with:

find / -name tomcat-users.xml 2>/dev/null

Ensure credentials and roles are correctly secured, such as:

<user username="admin" password="admin" roles="manager-gui,admin-gui"/>

Benchmark Guidelines

• CIS

• STIG