Tomcat6
CCE ID
CCE Description
CCE Parameters
CCE Technical Mechanisms
The Java Security Manager (JSM) should be enabled or disabled as appropriate.
(1) exist/not exist
(1) catalina.policy file under Catalina Home
Tomcat should be configured to run with or without the Java Security Manager upon startup.
(1) '-security' command-line parameter on Tomcat startup -Djava.security.manager command line parameter
The Tomcat server port number should be set correctly.
(1) port number
(1) ' >' element in server.xml
The Tomcat Legacy JK AJP 1.3 connector should be enabled or disabled as appropriate.
(1) '' element in server.xml
The Tomcat Legacy JK AJP 1.3 connectors should listen on the specified ports.
(1) 'port' attribute inside '' element in server.xml
The Tomcat Legacy HTTP/1.1 connector should be enabled or disabled as appropriate.
(1) '' element in server.xml
The Tomcat Legacy HTTP/1.1 connectors should listen on the specified ports.
(1) 'port' attribute inside '' element in server.xml
The Tomcat login authentication method should be set correctly.
(1) BASIC/FORM/DIGEST/CLIENT_CERT
(1) Value of '' element in web.xml
Security roles for the Tomcat manager app should be set correctly.
(1) security role name
(1) '' element inside '' element in the admin.xml file under Tomcat
(1) list of IPs
Access to the Tomcat manager app should be denied as appropriate.
(1) '' element inside the '' element in the manager.xml file under Tomcat
Access to the Tomcat manager app should be allowed as appropriate.
(1) '' element inside the '' element in the manager.xml file under Tomcat
The owner of the Tomcat home directory should be set correctly.
(1) owner
(1) via chown
The group of the Tomcat home directory should be set correctly.
(1) group
(1) via chgrp
The permissions for the Tomcat home directory should be set correctly.
(1) permissions
The owner of the Tomcat home/conf/ directory should be set correctly.
The group of the Tomcat home/conf/ directory should be set correctly.
The permissions for the Tomcat home/conf/ directory should be set correctly.
The owner of the tomcat-users.xml file should be set correctly.
The group of the tomcat-users.xml file should be set correctly.
The permissions for the tomcat-users.xml file should be set correctly.
The password digest algorithm for JDBCRealm (database) connections should be enabled or disabled as appropriate.
(1) 'digest' attribute inside '' element in server.xml
The JDBCRealm (database) password digest algorithm should be set correctly
(1) SHA/MD2/MD5
The password digest algorithm for JNDIRealm (LDAP) connections should be enabled or disabled as appropriate.
(1) 'digest' attribute inside '' element in server.xml
The JNDIRealm (LDAP) password digest should be configured appropriately.
The secure attribute should be set as appropriate for the specified Tomcat HTTP/1.1 connectors.
(1) TARGET: connector (2) true/false
The Tomcat WARP connector should be enabled or disabled as appropriate.
The example files should be installed as appropriate.
(1) located in /examples directory
The WebDAV app should be installed as appropriate.
(1) located in /webdav directory
The Tomcat-docs should be installed as appropriate.
(1) located in /tomcat-docs directory
The Balancer app should be installed as appropriate.
(1) located in /balancer directory
The example server.xml file should be installed as appropriate.
(1) located in the Tomcat home/conf/ directory
Tomcat should be run by the appropriate account
Tomcat should be run with the appropriate group membership.
The save directory for log files should be set appropriately for the specified handlers.
(1) TARGET: handler (2) path
(1) directory property of the handlers
(1) TARGET: JVM property
(1) 'permission java.util.PropertyPermission' line(s) inside 'grant{}' statement in catalina.policy
The Tomcat HTTP/1.1 connector should be enabled or disabled.
(1) exists/ not exist
(1) '' element in server.xml
The Tomcat HTTP/1.1 connector should be configured appropriately for the specified ports.
(1) TARGET: port number (2) exists/ not exist
(1) 'port' attribute inside '' element in server.xml
(1) secure attribute in a line in server.xml
The Tomcat Legacy JK/JK2 AJP 1.3 connector should be enabled or disabled as appropriate.
The Tomcat Legacy JK/JK2 AJP 1.3 connector should be configured appropriately for the specified ports.
(1) 'port' attribute inside '' element in server.xml
The secure attribute should be set as appropriate for the specified Tomcat JK/JK2 AJP 1.3 connectors.
(1) '' element in server.xml
The Tomcat WARP connector should be configured appropriately for the specified ports.
(1) 'port' attribute inside '' element in server.xml
JULI container level logging should be enabled or disabled as appropriate.
(1) 'logging.properties' file
There exists a password in tomcat-users.xml that is not stored using an authorized digest.
(1) tomcat-users.xml file
(1) '' element in server.xml
The Tomcat Legacy JK AJP 1.3 connector should be configured appropriately for the specified ports.
(1) 'port' attribute inside '' element in server.xml
(1) security attribute inside '' element in server.xml
(1) '' element in server.xml
1.11.1 Starting Tomcat with Security Manager (Level 1, Scorable)
Apache Tomcat Configuration Reference The Server Component Common Attributes http://tomcat.apache.org/tomcat-6.0-doc/config/server.html
Apache Tomcat 4 Connectors Overview Tomcat connectors Web Server Connectors Table http://tomcat.apache.org/tomcat-4.1-doc/config/connectors.html
Apache Tomcat 4 Connectors Overview Tomcat connectors HTTP Connectors for Tomcat 4.x Table http://tomcat.apache.org/tomcat-4.1-doc/config/connectors.html
1.6.1 Restrict access to $CATALINA_HOME (Level 1, Scorable)
1.6.3 Restrict access to Tomcat configuration directory (Level 1, Scorable)
1.6.13 Restrict access to Tomcat tomcat-users.xml (Level 1, Scorable)
Apache Tomcat 6.0 Realm Configuration HOW-TO JDBCRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
Apache Tomcat 6.0 Realm Configuration HOW-TO Digested Passwords http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
Apache Tomcat 6.0 Realm Configuration HOW-TO JNDIRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
Apache Tomcat Configuration Reference The HTTP Connector Common Attributes http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
Apache Tomcat Configuration Reference The AJP Connector Common Attributes http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
1.9.1 Application specific logging (Level 2, Scorable)
1.9.2 Specify file handler in logging.properties files (Level 1, Scorable)
1.9.4 Ensure directory in context.xml is a secure location (Level 1, Scorable)
1.12.3 Restrict manager application (Level 2, Not Scorable)
Apache Tomcat 6.0 Security Manager HOW-TO Standard Permissions http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
1.3.1 Remove extraneous files and directories (Level 2, Scorable)
Apache Tomcat 6.0 Logging in Tomcat Using java.util.logging (default) http://tomcat.apache.org/tomcat-6.0-doc/logging.html
Apache Tomcat 6.0 Tomcat Setup http://tomcat.apache.org/tomcat-6.0-doc/setup.html
Apache Tomcat 6.0 Realm Configuration HOW-TO http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
The JULI FileHandler threshold level should be set correctly for the specified classes.
(1) TARGET: class (2) FINEST/FINER/FINE/CONFIG/INFO/WARNING/SEVERE
(1) .org.apache.juli.FileHandler.level in logging.properties
The JULI FileHandler save directory should be configured appropriately for the specified classes
(1) TARGET: class (2) directory
(1) .org.apache.juli.FileHandler.directory in logging.properties
The JULI FileHandler log file name prefix should be set correctly for the specified classes.
(1) TARGET: class (2) prefix
(1) .org.apache.juli.FileHandler.prefix in logging.properties
Apache Software Foundation Apache Tomcat 4 Documentation
Apache Software Foundation Apache Tomcat 6 Documentation
CIS Security Configuration Benchmark For Apache Tomcat 5.5/6.0 Version 1.0.0 December 12th, 2009
Using the -security Option pg 134
Using a Non-root User in the chroot Jail pg 145
Using the -security Option pg 135
Client Certificates pg 171
The Tomcat user account should be locked or unlocked as appropriate.
locked/unlocked
(1) via passwd
Tomcat The Definitive Guide Ch 6 Tomcat Security http://oreilly.com/catalog/tomcat/chapter/ch06.pdf
Tomcat web application JVM property read permission should be set correctly for the specified properties.
Tomcat web application JVM property write permission should be set correctly for the specified properties.
All permissions for the specified codebase should exist or not exist.
(1) TARGET: codebase (2) exist/not exist
(1) catalina.policy: java.security.AllPermissions in a grant element.
CCE-26789-8 CCE-27451-4 CCE-27480-3 CCE-27418-3 CCE-27155-1 CCE-27255-9 CCE-27617-0 CCE-26722-9 CCE-27610-5 CCE-26882-1 CCE-26890-4 CCE-27371-4 CCE-27141-1 CCE-27156-9 CCE-27563-6 CCE-27520-6 CCE-27477-9 CCE-27482-9 CCE-27392-0 CCE-27638-6 CCE-27500-8 CCE-26939-9 CCE-27491-0 CCE-26765-8 CCE-27521-4 CCE-27743-4 CCE-27378-9 CCE-27544-6 CCE-27607-1 CCE-27555-2 CCE-27568-5 CCE-27423-3 CCE-27608-9 CCE-27245-0 CCE-27589-1 CCE-27514-9 CCE-27315-1 CCE-27307-8 CCE-27577-6 CCE-27476-1 CCE-27463-9 CCE-27472-0 CCE-27634-5 CCE-27726-9 CCE-27661-8 CCE-27707-9 CCE-27668-3 CCE-27564-4 CCE-27761-6 CCE-27600-6 CCE-27652-7
Last modified: 2013-02-11
Version: 5.20130214
Identify Technical Mechanisms
Each technical mechanism should be identified by a number. Therefore text in this cell should always begin with '(1) ', and additional technical mechanisms should be called out by '(#)'.
Sain, Joseph A.