Novell Home

My Favorites

Close

Please to see your favorites.

Manually updating Tomcat for SLM1.0.0.5

This document (7007275) is provided subject to the disclaimer at the end of this document.

Environment

Sentinel Log Manager 1.0.0.5

Situation

Sentinel Log Manager 1.0.0.5 includes a version of Tomcat with a known security vulnerability, CVE-2010-2227. In order to ensure compliance with security for our own SIEM solution, it is necessary to update to Tomcat version 6.0.29 which includes a fix for the vulnerability mentioned above. Sentinel Log Manager 1.2 will include the fixed version of Tomcat.

Resolution

Below are the steps to update Tomcat that ships with 1.0.0.5 to Tomcat version 6.0.29;

Step 1: Stop SLM server
Step 2: Extract downloaded apache-tomcat-6.0.29.tar.gz in {install_directory}/3rdparty/ so you'll get {install_directory}/3rdparty/apache-tomcat-6.0.29/
Step 3: Go to {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory
Step 4: (Optional) Delete directories docs and examples from {install_directory}/3rdparty/apache-tomcat-6.0.29/webapps/
Step 5: Delete directory logs from {install_directory}/3rdparty/apache-tomcat-6.0.29/
Step 6: Copy following lines from {install_directory}/3rdparty/apache-tomcat-6.0.29/conf/server.xml to {install_directory}/3rdparty/tomcat/conf/server.xml at an appropriate matching location
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
Step 7: Copy following lines from {install_directory}/3rdparty/tomcat/conf/web.xml to {install_directory}/3rdparty/apache-tomcat-6.0.29/conf/web.xml at an appropriate matching location
<!-- This security-constraint constraint forces HTTPS to be used, even if the user
attempts to connect to HTTP. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Automatic SLL Forwarding</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Step 8: Copy server.xml from {install_directory}/3rdparty/tomcat/conf/ directory to {install_directory}/3rdparty/apache-tomcat-6.0.29/conf/ directory overwriting existing ones
Step 9: Copy WEB-INF, novellsiemdownloads, favicon.ico and index.html from {install_directory}/3rdparty/tomcat/webapps/ROOT/ directory to {install_directory}/3rdparty/apache-tomcat-6.0.29/webapps/ROOT/ directory overwriting existing ones
Step 10: Copy novelllogmanager, and novelllogmanager.war from {install_directory}/3rdparty/tomcat/webapps/ directory to {install_directory}/3rdparty/apache-tomcat-6.0.29/webapps/ directory
Step 11: Change ownership and group of {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory to novell:novell recursively
Step 12: Change permissions for {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory to 700 recursively
Step 13: Rename {install_directory}/3rdparty/tomcat/ directory to {install_directory}/3rdparty/tomcat_old/
Step 14: Rename {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory to {install_directory}/3rdparty/tomcat/
Step 15: Create symbolic link {install_directory}/3rdparty/tomcat/logs pointing to "{install_directory}/log/tomcat"
Step 16: Start SLM server

Bug Number

641237

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7007275
  • Creation Date:30-NOV-10
  • Modified Date:26-APR-12
    • NetIQSentinel

Did this document solve your problem? Provide Feedback